Caddy can do both. If you’re using a wildcard already, stick with it. In fact, I’d say it’s more prudent to use wildcards (with DNS challenges) than http challenges.Then you aren’t listing all of your domains in letsencrypt’s public database for everyone to see. Nobody needs to know you’ve got a site called bulwarksdirtyunderpants.bulwark.ninja

Good write up. Thanks for the good lessons learned section.

Tmux is your friend for running stuff disconnected. And I agree with the other post about btrfs send/receive.

Argus https://release-argus.io

They’ve been rock solid so far. Even through the initial sync from my old file server (pretty intensive network and disk usage for about 5 days straight). I’ve only been running them for about 3 months so far though, so time will tell. They are like most mini pc manufacturers with funny names though. I doubt I’ll ever get any sort of bios/uefi update

Internet: 1G fiber Router: N100 with dual 2.5G nics Lab: 3x N100 mini PCs as k8s control plane+ceph mon/mds/mgr 4x Aoostar R7 “NAS” systems (5700u/32G ram/20T rust/2T sata SSD/4T nvme) as ceph OSDs/k8s workers Network: Hodge podge of switches I shouldn’t trust nearly as much as I do 3x 8 port 2.5G switches (1 with poe for APs) 1x 24 port 1G switch 2x omada APs

Software: All the standard stuff for media archival purposes Ceph for storage (using some manual tiering in cephfs) K8s for container orchestration (deployed via k0sctl) A handful of cloud-hypervisor VMs Most of the lab managed by some tooling I’ve written in go Alpine Linux for everything

All under 120w power usage