I dont :) Mostly.

Honestly I have an auto backup system. And then set it up to auto update periodically. Then use Debian Server as it almost never breaks as a server distro.

I have rss feeds for my main service updates so I know what new features I have, the services mostly run in podman containers and update automatically each Monday. I also have daily backups (timed to run just before the update on monday) in case anything does break.

If it breaks I fix it depending on how much I want/need it, mostly it’s a matter of half an hour to fix it and with my current NixOS/Podman system I haven’t yet needed to fix anything this year so it breaks infrequently.

Also why are you using Kubernetes on a single host if you want minimal maintenance? XD

My recommendation is to switch to just managing containers, you should just be able to export the volumes out of kubernetes and import them as normal volumes, as long as they’re mounted in the right place you keep your data and if it doesn’t work just try again. Not like you need to destroy the current system to slowly replace it.

Edit: I also recommend to update and reboot frequently, this stops updates and unstable configurations from piling up.

I run Debian on most of my systems and run all of my services in docker (with rare exceptions for node_exporter or stable core tools). My base systems get automatic security upgrades, and then I’ll manually check in every few weeks whenever I feel like it.

My services in docker are version locked to a specific major version (when there’s a tag available) so I can usually re-pull to get minor version updates freely without breaking issues. My few more finnickey services get manual upgrades from me every 6 months or so only.

I usually stick to an OS version for as long as I can, and to that aim I stick to LTS versions with long support windows.

4 major versions in 12mo is…a lot. Especially if those include breaking changes for you. Yikes

Ansible.

This is why I’m still using a Synology ¯\(ツ)/¯

I can install all the fun stuff I want in Docker, but for the core OS services, it’s outsourced to Synology to maintain for me

First off, backups of the configs any user data that you can’t torrent should the inevitable happen.

Then set time aside to do updates, I spend Wednesday evenings updating and improving my setup.

Then find a way to track update announcements, I use both an RSS reader and newrealeases.io to know when something I run gets an update

Is it exposed to the internet?

Mine is local only so I’m not as diligent with updates. I push them like once every 2-3 weeks. Some containers automatically update but some don’t because in the past that has broken associated scripts

I switched away from truecharts once scale switched to native docker and my experience has been much smoother since. TC had some kind of breaking change every other month, now I only have to worry about breaking changes when the actual apps have a major update.

The transition was way easier than i expected. First I set up nginx pointing to the TC load balancer for every url, so I could swap apps one at a time. Then I used heavyscript to mount the volumes for an app and rsynced them to a normal dir. With that I could spin up the community apps version or a custom docker config and swap over nginx once I confirmed it was working.

I use Debian stable for my main OS for the stability, security and infrequent updates, and run all of my services in Docker containers to keep everything up to date.

Yeah, everything that’s already been said, except that I specifically chose an off-the-shelf Synology NAS with Docker support to run my core setup for this exact reason. It needs a reboot maybe once or twice a year for critical updates but is otherwise rock solid.

I have since added a small N100 box for things that need a little extra grunt (Plex mainly) but I run Ubuntu Server LTS with Docker on that and do maintenance on it about as often as I reboot the NAS.

Constant maintenance? What’s that?

Here’s my setup:

• OS - openSUSE Leap - I upgrade when I remember
• software - Docker images in a docker compose file; upgrading is a simple docker command, and I’ll only do it if I need something in the update
• hardware - old desktop; I’ll upgrade when I have extra hardware

I honestly don’t think about it. I run updates when I get to it (every month or so), and I’ll do an OS upgrade a little while after a new release is available (every couple years?). Software gets updated periodically if I’m bored and avoiding more important things. And I upgrade one thing at a time, so I don’t end up with everything breaking at once. BTRFS snapshots means I can always roll back if I break something.

I don’t even know what TrueCharts is. Maybe that’s your issue?

I have automatic updates on everything. If it breaks, I fix it when I have time. If I don’t, it remains broken.

I could also just not do updates, but I like new features.

If it works, I don’t update unless I’m bored or something. I also spread things out on multiple machines, so there’s less chance of stuff happening like you describe with the charts feature going away. My NAS is pretty much just a NAS now.

You can probably backup your configs/data, upgrade, then deploy jellyfin again, restore, and reconfigure. You should probably backup your data on your ZFS pool. But, I recently updated to the latest TrueNas Scale from ~5 year old FreeBSD version of TrueNas and the pools still worked fine (none of the “apps” or jails worked, obviously). The upgrade process even ported my service configurations over. I didn’t care about much of the data in the pools, so only backed up the most important stuff.

I’ve never used true nass, but I’ve never had any issue with keeping up with releases. I use a proxmox host with Debian containers mostly, and then I use ansible to do any major changes to the hosts such as replacing certificates or upgrading the packages

Being said my backup structure isn’t the most professional, I have a 8 TB external drive that I keep plugged in via USB and I have proxmox backup server on the same host and it creates backups nightly

I’ve got backups. Haven’t updated or looked at my server in months. If I’m ever compromised by missing security updates, I just load a backup and regenerate all keys.

I don’t put any critical data on public facing servers.