I've been using an Ubiquite EdgeRouter Lite as my home / homelab router and firewall for the past ten years, give or take. Ubiquiti seems to have ended development. I'd like to switch to something else, but it seems that very little out there does zone-based firewalls in the modern era. Before I switched to the ERL, I was using a Linux machine with Shorewall, but even Shorewall is dead now.

What are my modern options for zone-based firewall configuration?

ah we're back. bump

>>101476957
what do you want on top of that? IPS? IDS? signatures? appid? throughput? ports? dynamic routing support? you have to be more specific.

>>101477136
>what do you want on top of that?
it slings packets. gigabit. that's it. the fanciest shit is just setting up vlans with firewall rules governing communication between each of them. guest wifi, iot shitfest isolation dmz, servers, the PCs & laptops, etc.

>>101477247
when you say servers PCs and laptops, you need ports to home run everything back? are you using a switch?

8 nvme drive array for vm storage on proxmox. What fs and raid should I use? I want to add half now and the rest later.

Looking to setup my media server, any thoughts on pairing this hardware with UNRAID? https://pcpartpicker.com/list/#compatibility_notes

>>101478002
Im stoopid https://pcpartpicker.com/list/tLHM9c

>>101477372
Yes, I have a set of two managed gigabit switches. I only need two physical ports.

Do I need a compatible NIC to get a VLAN trunk on my machine, or any NIC is fine and it's all done software-side? (proxmox)

File: Bildschirmfoto vom 2024-0(...).png (213 KB, 1917x1013)

213 KB PNG

>>101476824
any proxmox chads here?

File: image-121.png (30 KB, 1064x330)

30 KB PNG

>>101479149
Just waiting on drives to start moving over from my old server.

File: Prox.png (72 KB, 1435x789)

72 KB PNG

>>101479149
I run it.
Not as many VM's as you but my VMs do more work than just one service per VM.

>>101479480
Should change your repository to the non-commercial one.

>>101479485
I don't use VMs, I use LXC Containers. I wouldn't have enough ressources for it

>>101479567
My bad
Don't know how I missed hat.

>>101478017
Don't go fanless, even though I really like the idea, the issue is that as soon as your server starts transcoding media, it's just going to burn white hot. A fan allows you more freedom in what you can do with the system without having to worry about heat.

It's also really a waste of space to be using that type of case. You can literally use tiny palm sized computers to run Plex for example. Do yourself a huge favor and get one of the newer Intel CPUs that have integrated Arc graphics. Ultra 5, Ultra 7, are good options for your needs.

>>101479149
It's cool yeah but why do that instead of containers? Seems like pointless overhead. You can resource limit containers no issue.

>>101479744
I use containers, bro .. did you quote the wrong person?

>>101476957
Palo Alto if you can afford it, FortiGate if you cannot.

>>101477777
Only hardware raid with EXT4, XFS are supported or ZFS software raid with a HBA. BTRFS is irrelevant, tech preview hell for several years.

>>101478017
What does this desktop hardware have to do with servers? Where is your ECC memory, redundancies, failure tolerances, remote management interfaces that are to be expected from a server?
>>>/g/pcbg

>>101479872
So raidz2 4 drive vdevs? That's basically raid 10 isn't it?

File: Screenshot_20240719-150400.png (426 KB, 1440x1410)

426 KB PNG

I have two questions that are probably equally retarded and I apologize.

1. I just got a Nvidia shield for streaming media to my TV. For this explicit purpose, is there any benefit to setting up a NAS versus simply attaching a USB external hard drive to the shield itself for bulk storage.

2. I have pic related.
I have two issues,
1. I have too many goddamn devices and I'm filling it up.

2. I need more range.

I don't know how this works to save my life but this is what I've been told and piecemealed together if I got say a three pack of the nighthawk mesh Network routers, could I use them as access points for the router to essentially extend its range and maximum devices? What about literally just another one of the same router I have?

I know the router switches between like 5 and 2.4. depending on which one's faster for your current location, would that be something that is saved in a setup like that?

I don't know what I'm fucking doing

File: Screenshot 2024-07-19 at (...).png (235 KB, 2560x1355)

235 KB PNG

>>101479149
>No Subscription
>You have at least one node without subscription.
I've seen this image posted so many times, I don't believe it anymore to not be a production environment. Don't let the enterprise anons see this post.

>proxmox chads
More like virgins.

>>101479789
Oh I thought Proxmox was just VMs.

File: gartner-wired-wireless-lan-mq.png (88 KB, 1280x1428)

88 KB PNG

>>101479997
>I don't know what I'm fucking doing
Indeed, you're confusing routers with wireless access points, and switching.
USB to lose your data, no S.M.A.R.T. diagnostics, USB power-saving can be a headache too.
Router-on-a-stick configuration, as many wireless APs at low transmission power as you need closer to where wireless clients are being used.

https://www.gartner.com/doc/reprints?id=1-2GUUIAOL&ct=240307&st=sb

Netgear anything is consumer-grade trash.

any mikrotik guys here?
im trying to switch from openwrt to routeros and i have a question about local domains specifically relating to proxmox and FQDN.
so currently im running openwrt on an old wrt 3200 acm and i have a custom lan domain that i only use locally and its not resolved to the internet. additionally i have two proxmox hosts that have said lan domain as their FQDN and there is a specific option in openwrt to force an FQDN to be resolved locally.
is there way to do that with routeros?

what's a cheap cpu that has integrated gpu? main use would be to run windows and only use snapraid as a data storage pc.
i dont want to use truenas because i can add hdds on the fly. unraid isn't free so that's out too.

>>101479836
>FortiGate
The FortiWifi 40F looks reasonable, around $400 new. They also seem to have a VM-based thingie that I'd prefer in principal, but pricing on it is hard to find.

File: file.png (15 KB, 262x240)

15 KB PNG

>>101481253
psst, websites have filters. the cheapest possible new processors with integrated graphics are around $100 but you probably don't want those. pick your mobo first, and then pick the CPU.

>>101479836
When the fuck is 2.5G going to be standard? I'm sick of gigabit bullshit and being unable to find routers not filled with single gig ports.

What's the best way to add a drive as raid1 to an existing installation ?

File: fb1a6f180a1514066cc28277f(...).jpg (1.22 MB, 4608x2592)

1.22 MB JPG

>>101476824
don't forget intakes for the computers rooms lad.

Suggestions for Chinese or Russian software to run on my computer? Currently looking at Seafile and GeeseFS and looking for others

>>101481643
I don't really know what to look for in a mobo. I know I want at least NVME for my OS drive, at least 5 SATA ports and 2 or 3 PCIe slots for a SAS HBA. Does a motherboard need ECC support for it to work or just the CPU, do I even need ECC when all I'm storing are media I downloaded off the internet? I only ever built PCs designed for gayming and this would be the first time I build a server PC. I don't really want to spend thousands of dollars right off the bat. There are xeon and mobo kits on AliExpress but a lot of the Xeon CPUs don't have integrated GPUs and I don't really want to buy one, even if it's used.

>>101481555
Not enough RAM to run the latest versions and even then 60F was more mainstream in homelabs.
It's also more than $400 with licensing.

File: PXL_20240719_223343333.jpg (2.83 MB, 4032x3024)

2.83 MB JPG

Just got my first home server frens. For way cheaper than I anticipated too.

Time to slap Ubuntu Server on this bad boy, put it in a corner, and throw some Docker containers against it.

>>101481655
There's no use case for 2.5GBASE-T. No server NICs exist for that speed. WiFi APs are very niche use cases for 2.5GBASE-T but not in a home environment and even then any older client on air will degrade everyone else on air to 802.11ax or whatever, below gigabit speeds.
10G, 25G, 40G, even 100G can be cheaper to deploy for faster speeds than 2.5GBASE-T.

>>101482583
It says ThinkCentre, not ThinkSystem.
Anon that's a desktop / workstation, not a server. Who conned you into buying this?

>>101482618
I just need a single machine. Not a whole rack.

>>101482325
>this would be the first time I build a server PC.
This is an incorrect approach, anyway. OEM servers have better hardware, are more widely supported and often also cheaper second-hand than any self-built server can be capable of.
You're missing out on lots of nice things by going the DIY route, such as hotswappable front drive bays and redundant power supplies.

DIY server builds are toys, not something to be relied upon (like duty weapons).

>>101482640
Nobody talked about racks but you. A ThinkSystem is a tower server.
There's also a lot of software which requires 2-5 servers, that you will be unable to run in production with only one server.

>>101481253
Xeon E3 / E-2100 / E-2200 / E-2300 series.

>>101482707
Such as?

>>101482744
Active Directory, MinIO, HashiCorp Vault, optionally GitLab. Ansible AWX (because of Kubernetes).

File: myfirstscam.gif (350 KB, 2508x3876)

350 KB GIF

found this highly suspicious LTO 7 drive for £400.
the indian herbal viagra selling ebay account (see his store) says it's a cleaning tape but it also explicitly says the drive comes with a cleaning tape and it repeatedly says the name of the drive in the pictures.
So I bought it.
>Will it be legit?
>can i flip it to 3x to make a cool thousand pounds?
>or have i burnt money that i dont have on some obvious to ogood to be true scam?
>tune in next week

>>101482779
I don't need all that.

And GitLab runs on a single machine no?

>>101482692
>DIY server builds are toys, not something to be relied upon (like duty weapons).
Well, yes, I know that. I'm not here building a server PC so I can store company data on it. I'm using it so I can store a flash game I downloaded back in 2008 so I can have it for archival purposes.
Right now I'm browsing stuff on ebay for some old and used server equipment. There's a HP Z420 workstation motherboard which looks nice. And old Xeon CPUs are cheap now.
Still, would be nice to run windows on it since I like SnapRaid. I don't really want to buy a GPU.

>>101482878
Ignore the enterprise shithead, you'll be fine

>>101482036
League of legends

>>101482930
Thanks anon. I figured as much.

I just want to selfhost some stuff in my LAN. A SSF desktop repurposed as a server works for me.

>>101478583
i personally just bought an srx345. you'll have to be creative to get updated code for it if you dont have a proper juniper account.

>>101482583
What does this desktop hardware have to do with servers?

>>101458348 here
>The switch didn't ship with a manual. I looked at the link on the listing, and it's awful as expected. If you click the download button, it tries to download a zip(????), so I just used the "view" button and it opens a PDF in chinkglish as expected.
>Ships with 192.168.0.1 as the default IP, so I used the console to change that. No documentation on the console port, but I got the following settings to work: 38400 8N1 with no flow control.
>Can't view logs in the web UI, shows up empty regardless of what option I choose. Which I guess is a good thing, because I see no way to set a remote log server, and the drive in that thing is probably garbage.
>Negotiates 1Gbps and 2.5Gbps as expected with my uplink switch and Linux PC respectively
>SFP+ port negotiated 10Gbps with my Linux server
>iperf3 shows a transfer speed of 2.36Gbps from the PC to the server
>Can't test the 802.3bt(PoE++) yet because I forgot to get a Cat6A cable rated for for it. It'll be here soon.
>>101460356
I don't use Wake-on-LAN, so I'm not sure if I'm doing something wrong. Got my server hooked up on the leftmost port running

tcpdump -i eno1 -n -v -s0 udp port 9

and my PC on another port, and running

wol -h $server_ip $server_mac

on from the PC results in no output on the server.
>>101462249
>Does it work? Please share your setup experience.
Yep. I haven't had to do anything other than change the management IP. Let me know if there's any specific feature you want me to test.
>Damn that would be great hooking up a ridiculously overkill wifi AP
That's exactly why I got this. I have a WAX630EP and I want it to run off of a single cable so that it's more convenient to mount it on the ceiling. And my PC's mobo's ethernet is 2.5Gbps.

>>101483798
poor kw/h boi

>>101482583
what's with the fag flag

>>101483955
Also, the switch supports SSH but I can't figure out how to connect. I had ChatGPT fix my ssh options a few times and now it looks like

ssh -o UseRoaming=no -o StrictHostKeyChecking=no -o KexAlgorithms=+diffie-hellman-group1-sha1 -o HostKeyAlgorithms=+ssh-rsa,ssh-dss -o PubkeyAcceptedAlgorithms=+ssh-rsa -o Ciphers=+aes128-cbc,3des-cbc

but I get "Bad server host key: Invalid key length"
Any ideas?

I run an SBC off solar power and a small battery for some minor automation tasks since power here is a bit spotty. I was considering adding some hard drives to and replace a dedicated media server, those would have to be run off a regular AC socket.

What would happen when the power goes out to the hard drives but not the computer? Would it require manual intervention or work as normal after power is restored?

>>101476824
do any of you run any security tools like crowdsec (NOT crowdSTRIKE) or security onion? does it server any practical use at home, or just lab shit for theory practice?

> install nextcloud
> go thought the wiki
> everything seems to work
> go the the webpage
> PHP module zip not installed.
> PHP module cURL not installed.
> do a phpinfo()
> php version match php-legacy
> php modules zip and curl are listed
> they exists in /usr/lib/php-legacy/modules/
What am I missing ?

>>101483955
buy chinese cry chinese

>>101483955
>I see no way to set a remote log server
It does actually support syslog(according to the CLI and documentation). But I'm not seeing any logs even when setting it to log to stdout.
>>101485102
cry? what about?

File: 1692149301987424.jpg (206 KB, 1266x688)

206 KB JPG

>>101481655
2.5g is for people who buy chinese shit and are retarded

802.3bz always encompassed 2.5g AND 5g combined modes, and 802.3an encompasses up to 10g over copper. any actual copper interface going forward that gets fielded in an enterprise is going to be 802.3bz+802.3an compliant.

you stupid fucks will really buy any switch on earth if it does 2.5g even though it's completely outside of the intended standard. 2.5g was primarily intended to help people who didn't want to run LACP to a device capable of wifi 6. now that we're moving to wifi 7, 2.5g is done.

>>101482583
tranny with a chinkpad
typical sff pc enjoyer

can i just buy a sas card and sas to sata cables and plug it in a 2008 desktop computer and install truenas in it and call it a day?

>>101485382
You can just plug sas cables into sata. Doesn't go the other way around tho.

>>101485489
I want to plan when I eventually expand to more than 4 drives.
4 SAS turning into 16 SATA sounds so nice. I don't really see myself ever passing 16 HDDs so only buying one card is nice. And they're roughly the same price as a 8 SATA one.

File: image-251.png (162 KB, 626x419)

162 KB PNG

>>101485262
25gbe on consooomer mobo's when?

File: 513ylq+2s2L._AC_SL1024_-3(...).jpg (47 KB, 787x608)

47 KB JPG

>>101485825
Why not just use a PCIe card?

>>101485862
Because I want a nice looking open air sff build that has fast networking. Purely vanity. There's a thunderbolt devices that do 2x 25gbe but it's like $1000

>>101481812
Nice, what did you hook it up to

>>101486206
>open air sff
that's not very enterprise of you

File: GS2QNFGa4AA8RY-.jpg (107 KB, 1199x1072)

107 KB JPG

>>101486268
Uuuhh. Lust provoking image?

File: 83dbf38d-8d36-4a4a-9437-d(...).jpg (151 KB, 960x1280)

151 KB JPG

it's time to have some fun by reusing ancient e-waste into a dedicated pfsense box
let's see how it turns out

>>101482583
Battyboy detected

>>101478017
a 13900T would be better for fanless cooling

Enterpriseschizo, what hardware should I use if I want a cheap low-power server that will be acting as a firewall?

>>101484112
>I had ChatGPT fix my ssh options a few times
ew, people actually do that?

>>101487347
an ibm mainframe

>>101487960
It's worth it even if you can proficiently code. It's easier to type "do X thing" than writing out 50 lines of code manually. Often I ask GPT to give me commands for terminal that I cbf to type out myself (generally long directory paths and such).

Looking for an antenna for sending wifi to neighbors 3200' away. Unobstructed view, but about 150' higher elevation.

Unidirectional for least bandwidth, packet loss? Thanks anon

File: shot-2024-07-20_10-42-39.jpg (32 KB, 395x391)

32 KB JPG

>>101486233
a pico PSU atm, until I design or find a small pcb for an esp8166 controller.
desu it doesn't flow enough air compared to dedicated ventilation's blower. Having one atop of that computer room, I feel the difference.
it's still an intake, but perfectible.

>>101484265
>What would happen when the power goes out to the hard drives but not the computer?
might fuck your files up if power goes down when you're writing said files

>>101485060
desu this is pretty much why i prefer things like
turnkeylinux.org/nextcloud
Or run nextcloud as truenas plugin

Does setting my files to read only change them in any way? Could anyone please explain what the read only function does on a system level?

t. autist scared his files might unintentionally change

Hi anons, three questions.
If you want to run a few things, like pihole, unbound and like one or two more services on an ancient (intel i5 first gen) laptop, would you go with proxmox or just a plain baremetal server OS?
At which point do you consider buying using dgpus for your server(s) and how much power would you need (non ai stuff btw)?
The layout of my place does not allow for full ethernet throughout the house so I need to look at wireless solutions to cover every device but there's not that many signal stability/strength reviews for locally available devices, how should I tackle this?

>>101487347
how many PCI-e lanes/ports? are you sending east-west through it or just north-south? bandwidth from ISP? do you want to do layer 7 inspection or just layer 3 blocking?

might convert my md raid1 to raid5 later today, wish me luck anons

>>101485382
Sounds retarded, but do as you want.
>t. anon

>>101487347
Single-socket, high frequency server CPU (Xeon E3 / E-2100 / E-2200 / E-2300, AMD EPYC 4004), unless you need Intel QAT for crypto acceleration. I prefer a server from a big name OEM.

>>101491079
Forgot E-2400.

>>101488923
What does this have to do with servers?
>>>/wsr/

>>101489761
What does this have to do with servers?

If you mount a drive as read-only, nothing about the metadata / POSIX permissions of files changes, but no writes will be allowed.
If you change any file's permissions to read-only, the "file" will be changed.

Something of irrelevant note, you can't browse all OS directories live (in Windows XP) in an NTFS if the NTFS drive is mounted read-only.
>>>/g/sqt

>>101491103
It has to do with networking. Read the thread title.

>>101476824
>>101491174
>/hsg/ - Home Server & Networking General
OP is a faggot. There was no consensus to put "Networking" in the title.
Let's be real, we're all LARPing an enterprise here with used enterprise equipment for (enterprise) servers at home. >>101455976

>>101490444
>how many PCI-e lanes/ports?
I think just a 3.0 x16 port is enough. Will allow me to route 100Gbps (inter-vlan) eventually. I don't think it's feasible to run any sort of IDS/IPS on that kinda speed, so let's assume only internet-bound packets will be inspected.
>are you sending east-west through it
Yep
>bandwidth from ISP?
2 WANs, one is 1 Gbps the other is 150Mbps
>do you want to do layer 7 inspection
For internet-bound traffic. But afaik it's not super useful as I'd have to install custom certs on all my devices to allow the firewall to inspect them right?

File: wtf.jpg (151 KB, 1260x709)

151 KB JPG

I love it bros

>>101491304
is the daughtercard just for the extra pcie lanes?

File: Screenshot_20240720_090112.png (23 KB, 594x259)

23 KB PNG

>>101455976
I may have replied to you in the past.
You don't need to specify a system vlan but rather ad-hoc add vlans to your VM's using Proxmox's UI
>vmbr0 interface is good
>Remove vlan20 interface
>Add Network device to Proxmox VM like pic rel

>>101491339
https://www.nvidia.com/en-us/networking/ethernet/socket-direct/
>Socket Direct Adapters
>enables direct PCIe access to multiple CPU sockets, eliminating the need for network traffic having to traverse the inter-process bus

>>101491408
I hate high frequency trading so much it's unreal

>>101487347
Apparently there's less known or less widely used Xeon D-17xx / Xeon D-27xx / Xeon D-18xx / Xeon D-28xx processors for this purpose, with QAT support.

>>101487347
Atom c2/3/5xxx
enjoy paying fucked markup prices though

I am hosting a wireguard server at home and it works fine when I connect with my laptop or phone when I'm away. I tried generating a new wireguard client container on the same host where the wireguard server is but I am unable to connect to internet from inside the client container. Is connecting a wireguard client and server on the same machine impossible? I am trying to setup my wireguard client so that I can connect to a different wireguard server in the future

>>101492007
This sounds like not a problem with wire guard but with the network config on your Host or container

File: file.png (43 KB, 1033x488)

43 KB PNG

>>101492086
I tried making a new container from scratch but still no connection when in client mode. I wish I had a wg server in another location for a quick test

>WireGuard is provided as a Technology Preview only. Technology Preview features are not supported with Red Hat production Service Level Agreements (SLAs), might not be functionally complete, and Red Hat does not recommend using them for production. These previews provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
>You can use WireGuard only if the Federal Information Processing Standard (FIPS) mode in RHEL is disabled.
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/configuring_and_managing_networking/assembly_setting-up-a-wireguard-vpn_configuring-and-managing-networking

ngmi

>>101492292
lmao openvpn ftw

>>101492359
I'd rather use IPsec L2TP, supported natively by all major operating systems on the desktop and mobile without apps.

>>101492292
RHEL user here . Unless your a government body or contracting to one why would you have FIPS mode enabled ? Wireguard works fine on RHEL unless you turn it off with stupid rules

>>101492411
>Unless your a government body or contracting to one why would you have FIPS mode enabled ?
You wouldn't, but it's one reason why WireGuard won't get major adoption everywhere unless FIPS changes its standards to recognize newer crypto.

>>101492430
>unless FIPS changes its standards
US government*
>to recognize newer crypto.
or WireGuard implements FIPS approved ciphersuites and gets FIPS certification (a FIPS mode).

>>101492430
Wireguard is new so its no surprise bureaucrats don't like it yet

>>101491079
>I prefer a server from a big name OEM.
Such as? Must have 2x PSU
>>101491631
Not finding devices with these CPUs, mind giving some examples?

>>101492601
Dell PowerEdge for anything server related is popular, drivers can be downloaded without a support contract. Typically it's one of R230, R330, R240, R340, R250, R350, R260 or R360 for one of the single-socket Xeon E3 / Xeon E processor servers. HPE has more presence than Dell for servers in the Europe, but I can't name any specific model names. Note those Xeon E3 and E don't have QAT.
I don't know or have any well-known OEM examples with those Xeon D processors.

>>101492007
Weird loop back issue???

>>101487347
>>101492601
Also fyi all Xeon Scalable generations have QAT support, but you'd typically see them in dual socket servers and with a higher TDP (70 W or more).

File: file.png (113 KB, 1281x246)

113 KB PNG

>>101492260
>>101492675
Ah I did it. I had to change the ListenPort value to the outer port used by the client wg container. The reason why the very same conf file worked on my phone/laptop is probably because they were entirely different clients so there was no port mismatch considering they are not hosting wg servers using the default port

>>101492698
>10.13.13.3
lewd

>>101492601
>Not finding devices with these CPUs, mind giving some examples?
https://www.supermicro.com/en/products/motherboard/x12sdv-8ce-sp4f
https://www.supermicro.com/en/products/motherboard/x12sdv-8c-spt8f
https://www.supermicro.com/en/products/motherboard/x12sdv-8c-spt4f
https://www.supermicro.com/en/products/motherboard/x12sdv-8c-sp6f
https://www.supermicro.com/en/products/motherboard/x12sdv-4c-spt8f
https://www.supermicro.com/en/products/motherboard/x12sdv-4c-spt4f
https://www.supermicro.com/en/products/motherboard/x12sdv-4c-sp6f
https://www.supermicro.com/en/products/motherboard/x12sdv-20c-spt8f
https://www.supermicro.com/en/products/motherboard/x12sdv-16c-spt8f
https://www.supermicro.com/en/products/motherboard/x12sdv-10c-spt4f
https://www.supermicro.com/en/products/motherboard/x12sdv-10c-sp6f

I don't know if Supermicro makes fully configured systems with these.

>>101492810
https://www.supermicro.com/en/products/system/iot/mini-itx/sys-e200-12d-8c
https://www.supermicro.com/en/products/system/iot/1u/sys-110d-8c-fran8tp
https://www.supermicro.com/en/products/system/iot/1u/sys-110d-8c-frdn8tp
https://www.supermicro.com/en/products/system/iot/1u/sys-110d-4c-fran8tp
https://www.supermicro.com/en/products/system/iot/1u/sys-110d-4c-frdn8tp
https://www.supermicro.com/en/products/system/iot/mini-itx/sys-e200-12d-4c
https://www.supermicro.com/en/products/system/iot/1u/sys-510d-4c-fn6p
https://www.supermicro.com/en/products/system/iot/1u/sys-e300-12d-4cn6p
https://www.supermicro.com/en/products/system/iot/1u/sys-110d-20c-fran8tp
https://www.supermicro.com/en/products/system/iot/1u/sys-110d-20c-frdn8tp
https://www.supermicro.com/en/products/system/iot/1u/sys-110d-16c-fran8tp
https://www.supermicro.com/en/products/system/iot/1u/sys-110d-16c-frdn8tp

>>101492601
Dell PowerEdge XR4000.

>>101492601
Cisco ucs c4200

>>101476824
Alright 4chan. I hate the botnet. What can I actually do with a NAS?

>>101493062
If you don't know what data you would store on a NAS, you don't need a NAS.

my old vidya pc has proxmox on it now. it has 1 gigabit eth and 1 wifi interface. is there any point to bonding them? i just have the wifi turned off in bios right now

>>101493467
If you need another WiFi AP you could host a AP VM and pass your WiFi card through

>>101493062
It's where you put all your stolen pirated content, stolen from (((them))).

>>101492655
R330 looks great. The only issue I have is the power consumption, but I'll live with it. Thanks
>>101492694
I don't think there's any Scalable system that is cheap(<$200), is there?
>>101492810
>>101492877
>>101492946
>>101492983
Uhh what happened to cheap? Are y'all rich?

>>101493467
>is there any point to bonding them?
If you have to ask, then no point at all. Onboard WiFi is useful for desktop/workstation devices, not much for servers. What I used to do is passthrough the WiFi device to a dedicated VM and turn it into a WiFi cracking bot

>>101493545
>R330
>power consumption
it's pretty power efficient, see >>101152768

File: r330.png (22 KB, 382x282)

22 KB PNG

>>101493714
guess the image from the archive doesn't load, so i'll repost it

>>101493062
I use it as a central place to store all my files and access them over the network, personally

>>101485124
>It does actually support syslog(according to the CLI and documentation). But I'm not seeing any logs even when setting it to log to stdout.
Looks like I'm just an idiot and expected more logs. The logging(including syslog to a remote machine) works fine.

File: th-57460024.jpg (23 KB, 474x362)

23 KB JPG

It's a heatwave and all my hdds are hovering around 44°C when idling
w-will my data be ok?

>>101494556
The Curie temperature of a hard-drive platter is north of 400°C so you should be fine

>>101494556
doesn't even slightly matter

>>101494671
>>101494692
thanks anons, I love my data and wouldn't want anything to happen to it

>>101493545
>Your PowerEdge R330 supports these operating systems:
> BIOS
> Citrix XenServer 7.0
> Novell SuSE Linux ES 11
> Red Hat® Enterprise Linux 6
> Red Hat® Enterprise Linux 7
> SUSE Linux ES 12
> VMware ESXi 5.5
> VMware ESXi 6.0
> VMware ESXi 6.5
> VMware ESXi 6.7
> Windows Server 2008 R2
> Windows Server 2012
> Windows Server 2012 R2
> Windows Server 2016
> Windows Server 2019 LTSC
https://www.dell.com/support/home/en-us/drivers/supportedos/poweredge-r330

Kaby Lake (anything before Cascade Lake) is such e-waste. Nevermind what VMware HCL says about E3 v6 supporting VMware ESXi 8.0U3.

>>101480192
Pet peeve of /hsg/: Anons frequently pick TP-Link over Cisco, Juniper or HPE Aruba switching / APs because of this magic quadrant.

File: file.png (5 KB, 460x95)

5 KB PNG

Docker is so dumb you specifically need to tell containers in a stack they depend on another sibling container for networking even though you are pointing its service to a sibling service with network_mode. Without the "depends on" line the container will start before the networking one and then just idle forever because a container requires a restart to bind itself to another network. I can't believe I wasted an hour of my life over this

How did he get so obsessed with official supported hardware by operating systems ?

>>101495714
Minimize risks, as any good enterprise and professional sysadmin would.

>>101495400
Due to financial reasons, it's either newer consumer hardware or older enterprise hardware. Which would you pick?

>>101495828
>enterprise and professional sysadmin
But this is /hsg/ where people are storing Anime not business or government critical infrastructure so this advice is unproductive

>>101491266
DPI and layer 7 inspection are two separate yet adjacent concepts. so, no certs needed. DPI is for inspecting the body of HTTPS type traffic which you would need a cert for. if you're doing 100Gbps inter-VLAN you might as well just use a layer 3 switch, because doing it through the firewall overcomplicates layer 3 east-west. a simple inter-VLAN ACL configuration will achieve what you want. IDS/IPS for a 100g link would take greater than two high end EPYC processors for suricata (snort 3 is multithreaded but a resource hog). you would be better off setting a SPAN with some level of packet slicing if you planned on inspecting that level of traffic, and forget about blocking. you should be looking at something like a T630/T640 (because it's quiet and rack mountable) that has a CPU (or CPUs) with the same multicore score roughly as a 2700x which would be the minimum for 1gbps-3gbps IPS with suricata. 32gb RAM to hold session states in the buffer for inspection would be comfy as well. you can spec downward from that if you only do suricata inbound and not outbound but that is in contravention to trying to intercept botnet type traffic originating from inside your network.

basically, if you plan on doing layer 7 you're going to need something that will draw at least 60w idle. that is the price of proper security. if you're planning to just do layer 3 stateful blocking you can use a piece of shit hex router.

>>101489836
use proxmox, the resources required for adguard (use adguard) are paltry and you can still make use of what remains for other stuff.

>>101496672
Minimize risks of your anime collections becoming unavailable or lost then.
I love my data.

>>101496854
How will using the newest version of RHEL of windows server on an old power edge put your anime collections at risk ?

>>101496678
>basically, if you plan on doing layer 7 you're going to need something that will draw at least 60w idle. that is the price of proper security.
Or a dedicated firewall appliance with ASICs, not a software firewall on a server.

>>101496705
>proxmox
You mean a hypervisor. Proxmox VE in particular is only for masochists.

>>101496890
the licensing for a device that runs suricata, snort 3, or a proprietary IPS with updating signatures would be cost prohibitive. you're basically forced to go software firewall with suricata in a homelab.

>>101496879
>KB5022842 Breaks Secure Boot on Dell PowerEdge R730XD
https://community.spiceworks.com/t/kb5022842-breaks-secure-boot-on-dell-poweredge-r730xd/947218

One example. It was ever only validated for Windows Server 2019.

>>101496914
depends what you're trying to do. in an extremely simple deployment it's delightful. i had a nightmare doing PCI-e NIC passthrough with it to make a hypervisor that hosts only network devices. couldn't get line rate no matter the resources i threw at it.

>>101496930
Secure boot isn't something the home user needs

Anyone have a trusted hard disk for relatively cheap that's also relatively quiet (or at least not loud)?
Looking to expand my home storage and get some ZFS going.

>>101496963
>depends what you're trying to do. in an extremely simple deployment it's delightful.
Trying to import a VM cloud image? Superuser CLI only, no web UI. No direct import options from OVA/OVF. Both Hyper-V and VMware vSphere have this elementary feature.
Nested virtualization support is disabled by default.
Clicked a wrong button and then closed a pop-up window in cluster management, but the web UI still says "standalone node" and not joined? Next reboot your

/etc/pve/

directory will be nuked and Proxmox VE won't start or function correctly. Hope you have backups or be ready to reinstall your OS.
Proxmox VE 8.2-1 ISO installer doesn't display serial numbers for drives, only a

/dev/sd?

and drive model. You have to switch ttys and

ls -l /dev/disk/by-id/

, but if you happen to accidentally Ctrl+D or logout from that tty, that tty is inaccessible forever from now on until you restart the installer.
Trying to use Terraform to manage Proxmox VE? Two community made providers, one which was unmaintained for a noticeably long time, and both suffer from PVE's API limitations. https://github.com/bpg/terraform-provider-proxmox/blob/main/README.md#known-issues
No Veeam support (yet).
Proxmox VE bug #3086: https://bugzilla.proxmox.com/show_bug.cgi?id=3086 – unresolved for nearly four years. Built-in scheduled backup feature can be unbearably unusable because of this.
Windows guests don't have built-in support for virtio, and PVE doesn't have a way of automating installing guest tools from the hypervisor in the same way as VMware ESXi does. WinRE can't see virtio disks and loading the drivers at runtime is difficult.
Too write-heavy on logs by default to be bootable from a SATADOM device. (Only a concern on Dell PowerEdge 13G and earlier, where PVE is unsupported anyway.)
No web UI support to configure DHCP for interfaces.
2-3 dual socket PVE nodes cost more than VMware to license in a homelab.

>>101497340
I'm sure I've missed a few reasons, but the upgrade from kernel Linux version 6.5 to 6.8 in Proxmox VE 8.2 also broke a lot of deployments.

File: 1692162242302214.jpg (92 KB, 1024x1023)

92 KB JPG

>>101485382
If you're mobo has enough pcie bandwidth to accommodate a 10g/25g nic and an hba with enough space in the case for at least a raidz1/raid 10 pool, then it's a fucking server.

File: Untitled.png (292 KB, 1265x743)

292 KB PNG

>>101499399
>accommodate a 10g/25g nic
it doesn't. does it need to be that fast?

>an hba with enough space in the case for at least a raidz1/raid 10 pool
does the case need to be that big?
i plan on just buying these and keep buying more when i need more.

>>101499399
But does it have remote admin access (BMC)?
(Also hi. The cartel knows who you are.)

>>101499452
NTA. 10 GbE is nice to have for a select clients / workstations and small deployments of clusters. 25 GbE is for cluster traffic of most deployments.
It can get prohibitively expensive to have 10 GbE SFP+ access, 25 GbE SFP28 uplinks on managed switches, nevermind firewalls capable of handling that traffic.

is there a way to estimate server load? I want to host a discord bot that literally only reacts to one keyword and writes a message for one key word

>>101477247
Firewalla Gold is braindead simple and a solid product. Not technically a NGFW but has basic IDS/IPS.

File: proxy-image.jpg (25 KB, 500x418)

25 KB JPG

>>101499452
>it doesn't
Are you sure? What mobo do you have? You can run a 10g nic on a 2nd gen x4 slot.
>does it need to be that fast?
In the grandest scheme of thing you could describe as "things to think about for setting up some sort of long term file storage/server solution", trying to plan/accommodate for at least a 10g lan is a high-priority item. At its most basic form, you can have 2 10g nics installed into 2 machines with a dac line between them for $30 each, or you can find reliable entry level 4 port 10g switches for around $150 for truly brain-dead setup. Putting that into context with the speed of your average hdd, sata ssd, sas ssd or nvme ssd, it's good basic-bitch infrastructure to have. Nice enough for pooled hard drives or a nicer sas/cheap nvme drive to saturate, but not so bandwidth hungry to require much thought about what sort of motherboards you'll need as a 25g line/dual 25g nic.
>does the case need to be that big? i plan on just buying these and keep buying more when i need more.
depends on your goals and aims - if you happen to have an old case with one or multiple 5.25 drive bays then you can use your enclose/some icydock variant and have a decent entry-level setup.
>>101499463
He can play with a pikvm or something of the like if he wants to be hardcore henry for his first built. You lovable schizophrenic.
>the cartel knows who you are.
I'm not trying to write a book on being original here, if it works, it works.

>>101499570
Poll SNMP data, read uptime(1) results, read Prometheus node_exporter loadavg data.

>>101496678
Thanks for the great info. I have 2x R630s in my rack that I will repurpose to HA firewall duties. Looks like I got lots of reading to do

>>101478002
>>101478017
unraid is dogshit for anything serious, but just for media is whatever.

>2x 22TB
Don't plan on storing anything important on this server. Large-capacity drives are a liability. And if you end up using raid, that could take weeks to rebuild. That's partly why enterprises stay below 1TB/drive.

>>101481655
consumers are retarded and don't need LAN speeds when the average consumer uplink speed is still something like 200/10.

>you stupid fucks will really buy any switch on earth if it does 2.5g even though it's completely outside of the intended standard
because 10g prosumer gear is still fucking outrageously priced. Find me a basic managed vlan-capable switch with at least 4 ports that is under $700. 2.5g is at least still in an reasonable range.

File: diagram-gartner-network-f(...).png (244 KB, 3434x3744)

244 KB PNG

>>101499652
>Firewalla
no MQ no gud

>>101499655
>depends on your goals and aims - if you happen to have an old case with one or multiple 5.25 drive bays then you can use your enclose/some icydock variant and have a decent entry-level setup.
My goal is to just make a storage server where me and my family can dump all our shit in. Mainly me and my sister though. My games and maga, her anime and music.
I do NOT have an old case with any 5.25 drive bays. And I've seen those icy dock stuff. That shit is expensive. While I plan to only start with 4 HDD I plan to at least reach 12. Or maybe 16.

>>101499826
>That's partly why enterprises stay below 1TB/drive.
NTA I don't buy into this argument for 3.5" HDDs. Enterprises have largely moved on to SSDs and flash (NVMe) for storage. HDDs are fine for backups and cold storage, data you won't retrieve or access often but only in the worst case scenario.

Also I want you to find two managed, stackable switches. Not one, non-stackable one.

>>101495678
sounds like typical OSS troonix

>>101499871
Guess it boils down to how much you can stuff into your old case then. 4tb hdds are like 60$, 12s can be had for around 130 - allin 3.5" form factor.

>>101499871
>While I plan to only start with 4 HDD I plan to at least reach 12. Or maybe 16.
How about a Synology or a rackserver?

>>101479836
Forgot pic: >>101499862

>>101499911
So expensive. All I really need is a sas hba card from ebay and cables. A complete synology unit can run me $600+
These are without including the HDD prices.

>>101499936
Well, it's your call if $600 or whatever the cost will be is worth your time or disaster recovery cost when relying on desktop grade hardware.

>>101499964
>recovery costs
i aint storing critical data. its literally disposable media we find on the internet. reason why we want to store them is because some torrents have 0 seeders and finding them again is a pain in the butt.
am i going to be annoyed if i lose them, yeah. am i going to kill myself for not buying a proper nas, no.

File: ricflair.gif (1.73 MB, 220x145)

1.73 MB GIF

>>101499826
i assume you mean copper because we're talking about mgig.

C9300-24UX on ebay
too easy.

How do I interface with parent groups on social media in a way that protects my privacy?

Sorry for the off-topic question, but I post here with some regularity and figure there might be other dads here who figured it out.

File: 1713731869899640.jpg (31 KB, 436x436)

31 KB JPG

>>101500255
>used
>switch may need O/S and/or licensing, we do not guarantee either

ok

>>101499964
>whatever the cost will be is worth your time or disaster recovery cost when relying on desktop grade hardware
wait, does buying a synology or qnap protect your data more than a homemade nas running trunas/unraid or something? does buying a $600+ nas system protect your drives from failing or what?

>>101500996
i'll send you the code and walk you through it you lazy fucking pussy

>>101500419
can you be more specific

>>101501020
Data loss happens more often than not due to human error (by the operator). The risks of doing that error are higher with undocumented and unsupported, DIY toys and desktop grade hardware.

File: 729859807.jpg (91 KB, 1024x698)

91 KB JPG

I need a low-profile bracket that fits the IBM 00JY932. Anyone knows where I can find it?

>>101501319
Buy a new 00JY932 card, I couldn't find the low profile sold separately for this model.

>>101501319
Just cut it, grind it and drill it to make a low profile out of that, easiest shit ever

>>101479096
>Do I need a compatible NIC to get a VLAN trunk on my machine, or any NIC is fine and it's all done software-side? (proxmox)
No and yes, any NIC is fine.

Though there are certain NICs specifically designed for virtual environments like for example Solarflare's. These support 802.1Q offloading and switching in hardware, which will drastically improve performance for guest-to-guest communication and packet handling when working with huge amounts of (typically small sized) ethernet frames. But we're talking about constant 10+ Gbit/s of throughput here, so nothing we would typically encounter in our home environments.

I’m quite confused with TrueNas scale, before starting with it, can I actually use docker cli with it or is it only via the gui?

>>101496879
>How will using the newest version of RHEL of windows server on an old power edge put your anime collections at risk ?
Not the person you're talking to (and probably not the point you're trying to make), BUT, newest versions of operating systems have more vulnerabilities than older still supported versions. I distinctly remember several wagecuck Anon's posts about his bosses shitting themselves over some CVE and him feeling smug because RHEL 7 and 8 were not affected, only 9 was.

Lads, I'm tired of not knowing why my Wireguard connection goes down for days/weeks every few months. It's been years and I haven't gotten any closer to resolving it. I'm about to burn this pfSense setup down and make my gateways Linux-based. My body is ready.

I don't have any fancy plans for server stuff, but I'd like to start maintaining backups. I'll start simple with 2 external drives in rotation. What is the choice software for dumping your whole PC's set of drives onto one big one?

File: proxmoxbox.png (179 KB, 2560x1239)

179 KB PNG

>>101479149
I was a chad as a teenager after that its all losing in everything but data.

I only have 10tb of data around 60% full with 1 offsite backup made monthly. I might have to leave so I am thinking of migrating my homelab to the cloud

>>101502544
Rsync
Rclone

>>101501044
I'm debating even making a facebook account and have been leabing towards making one, but was looking for tips on how to minimize tracking and maximize privacy while still be able to interface with local groups. Not sure if there is a popular browser extension or other techniques. But I swung back again tonight and am thinking I'll just be better off trying to go to events IRL rather than finding people through digital groups.

>>101503192
just make a burner account

>>101504104
*on a burner phone

>>101501030
Network Advantage Licenses for the C9300 (and any Cat 9k switches, as well as Cat 3k with the later IOS-XE images) are available via Smart Licensing only. Even if you had a Cisco ID with Specific License Reservation enabled, you'd still end up paying thousands of dollars for a license key because it's bound to the chassis serial number. That is, why these switches are up on Ebay for dirt-cheap.

I'm trying to use a cheap Windows laptop as my media server, just sharing an attached SSD with CIFS.

Is there a guide for configuring Windows to be a good media server? I thought I adjusted all the necessary power settings to keep the laptop active at all times, but it keeps going to sleep or locking.

File: Screenshot 2024-07-21 073444.png (28 KB, 1272x266)

28 KB PNG

>>101504650
stupid ass you can just enable it. smart licensing is not enforced contrary to what you read. i know you asked chatgpt for that answer because you dont know anything about cisco switching but it's wrong. this is my switch that i bought from ebay and put the following command on:

license boot level network-advantage addon dna-advantage

full features for months now.

>>101504959
Nevermind, fuck it, this laptop is being too much of a pain in the ass. I'm going to just put OMV on it instead, hoping that Windows itself is the cause of my issues.

>>101505308
Nigga how can you fuck up Windows
What version did you try?

>>101484359
>crowdsec
>blacklist also based on feedback
How does this work exactly?
Anyone could just report your IP as "malicious" and you get blocked forever?

>>101505134
It's just that not everyone wants to rely on expired trial licenses for his "Core" network. Currently you can buy brand new C9500-48Y-4C's for less then 10,000$ on Ebay. Last time I checked Cisco's Global Price List, these switches had list prices in excess of 250,000$. Are the sellers totally stupid? No, it's just that these switches are basically useless for their intended purpose if you are totally at the vendor's mercy to keep these things running. And that's why the market is pricing in a huge risk premium, because everyone knows just how fucked up Cisco's licensing system is.

They could break these switches with every software update, and they clearly state this in their documentation (and also in a disclaimer on every switch boot):
>Features can become unavailable if the communication with CSSM is lost and/or the device is not registered.
And they already did it once with the discontinuation of Trust based licensing, when they forced their customers to use Smart Licensing and Device Led Conversion. Too bad, if you happened to run an air-gapped network, because SLR didn't even exist back then.

Hmm Unraid is a subscription service. Openmedia vault is a clusterfuck, least it looks that way going by the website. XI Systems (Scale/Core) is free still. But for how much longer? I mean shit if you follow the trends sooner or later they'll move to the sub model or they'll get bought out/go public. Some big ass company shoves a pile of money in your face you'd be a fool not to strongly consider it after all. Plex is another one that's more in likely to get bought out or go public at the rate they're going now. So nutshell; enjoy the free ride while you can cause if the trends hold up the free ride will come to a halt and the alternatives are all shit.

I want to set up a proper management configuration for my rack. How should I do it? Management VLAN with a bastion host? Should I rely on SSH to switches, or get a console server or some rackmount KVM solution? What's the enterprise way?

>>101506698
Also, the rack is not located in a convenient location, so I'd prefer to remote in when possible, but I should have some way to unfuck shit at the rack, right?

>>101502430
>>101502544
>>101504959
You're all doing it wrong. None of this is enterprise-approved.

>>101506698
Management VLAN behind VPN only, or airgapped. No Internet access to the management VLAN. Separate VLAN for data.

File: Screenshot 2024-07-21 110250.png (27 KB, 1207x225)

27 KB PNG

>>101506227
you are a very high level idiot. the device doesn't brick when licensing expires. the reason the prices are so low is because you can not legally sell the devices and have them be supported or get an entitlement for them. if you already have a cisco account and can download code there is zero problem. i have bought several C9500-48Y4C-A devices and they are NO WHERE NEAR 250k. not even a fully packed 9606r chassis is 250k.

also would like to add that you dont know shit about continuity of operations on airgapped networks and i'm not going to expound any further on that statement for reasons

>t. network architect

File: blog-temp-seagate.jpg (59 KB, 560x682)

59 KB JPG

>>101494556
Not if you are on shitgate.

>>101494671
>>101494692
https://www.backblaze.com/blog/hard-drive-temperature-does-it-matter/
Dumb liars, it's not even about the actual magnetic information that fails, it's the increased wear of mechanical parts that hover over a platter just 3 water molecules in distance.

https://www.youtube.com/watch?v=NNzlxhDOhfs
I wish idiots would not talk about tech issues they clearly don't understand. Too cold is also an issue with some vendors like Hitachi. There are no ball bearings, the viscosity of fluid and hydro dynamic bearings of all drives is crucial for accurary and wear.
Read a science book, underage zoomies and gen alpha greenhorns.

>>101507249
Those failure charts are a bit wonky. They're based mostly on consumer desktop drive usage. Which frankly those aren't meant to run 24/7. They're cheaper than server drives for a reason. You get what you pay for. Now yeah if your adding data to your server at some insane rate year after year then the cheaper drives may be worth it; you'd hit your storage cap and be upgrading them all before the drives died.

File: Clipboard_07-21-2024_01.png (18 KB, 956x215)

18 KB PNG

Addendum:
Whilst there is only a strong correlation for 4 models these in fact will fail in the data centre because of temps.

Now you are inclined to say
>anon you are full of shit
But then again, do you run a data centre floor with AC that strips heat and humidity? If the answer is no, more drive models may be affected once running in temperature ranges that backblaze cannot even consider, because they regulate their own climate.

And now to the "experts" that say "you are fine anon, it's not 400°C in your home", "hurr curie temps".
Brainlets, you don't have a temperature-controlled rack with 21*C to 31°C air temps.

>>101507406
And you missed the points, all laid out here >>101507416
Can you learn to think outside the box?

>They're based mostly on consumer desktop drive usage.
Oh I forgot that enterprise hardware and FD bearings are not affected by physics, like "consoomer" hardware.
Grow a brain, you have none.

I have a GXT4 2000RT120. Do I have to pay $100 for the OEM rails or can I nig-rig something?

File: 36120270.jpg (434 KB, 1228x868)

434 KB JPG

I'm trying to install OMV on a laptop that lacks an ethernet port (Evolve III Maestro), and I don't have any kind of ethernet to USB adapter. I tried plugging in my phone into one of the USB ports to see if I could somehow pass along internet through it, but I didn't have any luck. Looking online, Linux needs the rtl8723du driver to access the network via this laptop's wifi, but that's not an option in the list of drivers on the OMV installation media.

Is there a way I can add the rtl8723du driver into OMV installation media? OMV seems to REALLY not want you to log in locally, as entering the default credentials just spits me back to the login prompt, so I think it needs internet/network access as it is installed.

>>101506949
that's called out of band management. people should become familiar with the term instead of trying to explain how it's set up.

>>101507805
install Debian12 using Debian12 full iso
>debian-12.6.0-amd64-DVD-1.iso
Wifi should work
Then install OMV
>sudo curl -sSL https://github.com/OpenMediaVault-Plugin-Developers/installScript/raw/master/install | sudo bash

See if that works

>>101508114
Such a shitty script. No stderr redirection. Deprecated use of

apt-key adv

. Enables SSH. Removes VSCode repo. Configures a Postfix mail server haphazardly. Possibly breaks apt-secure(8) configuration? Gives pi user and the current script user SSH access (backdoor). Makes mustard gas.
Do people not know what Ansible playbooks are?

>>101507805
XY problem. You're using a laptop and more impotantly a Realtek NIC. Neither are well supported or well suited to be used on a server. The real solution is to have a Broadcom or Intel NIC for management (Intel preferred), Intel or Mellanox NIC for data (Mellanox preferred).

>>101497340
>Next reboot your /etc/pve/ directory will be nuked
Another such incident from someone else yesterday: https://forum.proxmox.com/threads/etc-pve-empty-after-trying-to-change-hostname-possible-to-salvage-lxcs-vms.151490/#post-686221
and I had changed my hostname too.

What does and doesnt count as running on 'bare metal'?

>>101479836
i prefer Fortigates interface to Palo anyway.
I wouldn't say they're worth the extra cost.

>>101507249
>statistics
that's how you get to dumb conclusions like "money printing doesn't cause inflation".
For example, what if the hot drives got hot because they saw higher use, and the higher use was the actual cause of failures?
Or what if some early failure manifests itself with increased temperatures first? Or hotter drives were mostly located at some one specific datacenter, which saw higher failure rates for other reasons? Etc.
Statistics like that are meaningless.

File: Screenshot 2024-07-21 at (...).png (152 KB, 1270x712)

152 KB PNG

A full local backup of 62 VMs took ~35 minutes, a striped mirror (ZFS RAID10) of four enterprise SATA SSDs, SAS2 backplane. 196.83 GB of compressed backup data.
It's slow. I can't imagine ever wanting to use HDDs for backups.

>>101509833
oh no
an entire halfanhourino

>>101506949
What's best practice for allowing my workstation to access the management VLAN?

>>101510882
Firewall rules.

>>101510893
That look like...?

>>101510922
... ones that let your PC access the ports on the devices on the management vlan that you care about? As others have said, making the vlan accessible by vpn only is also an option, perhaps a better one because then you aren't creating rules for just one machine.

File: Screenshot from 2024-07-2(...).png (185 KB, 1297x715)

185 KB PNG

>>101510307
It's ~4 hours (?) and more for me, given what I had available.
>½ hour to backup 196.83 GB from the striped mirror pool onto the same pool
>remove four drives from four drive bays of the old server
>install four additional drives to a new server with eight drive bays
>1½ hour (?) to copy 727 GB of backups (including older backups) onto a spare SSD drive
>wipe striped mirror pool with boot partitions
>reformat striped mirror pool (without boot partitions)
>1½ hour (?) to copy 727 GB of backups from spare SSD drive onto the new VM pool
Backup over the network wasn't going to be feasible or any faster with what I had.
What's also fun is I had two sets of SSDs with the same 'rpool' name, and couldn't boot with all SSDs attached to the server at once.

Pic rel. (Don't buy Samsung enterprise SSDs, ever.)
Time adds up.

>>101507099
yeah we bought 9500s in 2020 for like 2.5k/each or something, shit was stupid cheap. optics were unfortunately all cisco but still a significant discount on those as well (not as cheap as, say, fs.com or just buying the oem ones but not list price)

>>101507752
Actually I see they're $50, but they only go up to 32" deep. I need more.

>>101511262
even at the highest discounts i really doubt that. you're probably looking at 10k from a non reputable third party reseller even today. each cisco branded 25g-sr is $1.2k list so your optics alone would be more than 2.5k even today with a 50% discount. you have to be misremembering. even buying GLC-SX-MMD at $600 list at 50% off you'd hit 2.5k within the first 9 optics.

>>101511585
I checked the quote. 5k per 9500. 10/25g sfps were 500 each. looks like we got conned into buying dna licensing too though so the true cost was 7k per switch before optics. our reseller is a Cisco partner.
We would've bought the 9300x but it hadn't come out yet lol

>>101506116
i imagine there's an appeal system

I have the modem and router downstairs. I have the PC and stuff upstairs. I cannot run an ethernet cable upstairs yet. I have a second unused router upstairs. Is there some way to make that 2nd router into a repeater without a wired connection? And then can I connect the PC to the 2nd router via ethernet to get internet from it?

>>101512663
>I cannot run an ethernet cable upstairs yet.
bro
just fucking do it
get a cable roll and literally roll the cunt down the stairs instead of fucking around with shitty patchwork solutions

File: file.png (761 KB, 1000x1000)

761 KB PNG

>>101512896
>literally roll the cunt down the stairs
alternatively spend like $20 on some 3m command strips and cable hooks and string it along the ceiling so you don't trip over it.

>>101512896
>>101512946
not him but if i run my cables in the ceiling i would need a really long cable. and ethernet cables are only rated for so much length before it slows down

>>101513019
so what
put a switch in the middle if you need to
stop making excuses

>>101507249
>>101507416
classic correlation and causation fuckup

drives get a little hotter when they're going to fail, it isn't the temperature causing the failure

>>101509833
>62 VMs
damn dude, what are you running?

File: Screenshot from 2024-06-0(...).png (42 KB, 351x792)

42 KB PNG

>>101513571
I've posted this screenshot with a small sample before. Currently nothing but Active Directory is functional due to expired TLS certs, only the bare minimal to migrate from Proxmox VE to VMware vSphere. Frankly I don't "need" any of the services at the moment, and I don't want to fix anything on Proxmox VE when it'll be redeployed and some re-engineered on a new greenfield VMware deployment later.
A lot of it is high-availability VM setups, on a single server. For example, HashiCorp Vault is 8 VMs. NetBox is 6 VMs. Then there's almost a dozen Ansible test VMs. Grafana, GitLab, Active Directory and tiered management VMs, Bitwarden.

>>101513019
300 feet (100m)
Stop making excuses

>>101513858
man bit confused. it looks like a massively impressive setup but is it all just homelab stuff and you're just learning things? or actually used for something? what's your total pool of disk space out of interest.

my router only has 2 ethernet ports
how do i split it into at least 8 so i can add multiple desktop with a cable rather than wifi?

File: Screenshot 2024-07-22 at (...).png (178 KB, 1280x1355)

178 KB PNG

>>101513571
>>101513858
Pic rel is the current reality.

anon@pve01:~$ ls -1 /mnt/pve/kawaii-vzdump/dump/*.zst | wc -l
216

>>101513964
>>101513964
>what's your total pool of disk space out of interest.
2 x 960 GB boot drives (mirrored)
4 x 960 GB vmpool (striped mirrors)
1 x 960 GB VMFS (leftovers from ESXi, to be migrated to a new server)
1 x 960 GB kawaii-vzdump (backups from former PVE server)
All are shitty Samsung SM863 datacenter SSDs.

>>101514023
>All are shitty Samsung SM863 datacenter SSDs.
...which I cannot reuse for vSAN 8, so they're on this pve01 node. No firmware updates available from Samsung.

>>101513971
Add a (managed) switch.

>>101514050
so what do you have planned for the future? sounds like you know your stuff but aren't really using it for much

>>101514067
>managed
what's the difference? i really just want a plug and play hardware. it's really nor for a server use and more about having my family's devices plugged rather than wifi

>>101514082
Easier to diagnose and troubleshoot a managed switch.
Plug and play isn't the best practice, but even most managed switches would work like that out of the box; you should at least do the bare minimum and change the default management passwords then.

>>101514082
don't get a managed switch if you just want to plug in more basic shit, get some little trendnet/netgear/tplink switch for like $20

>>101514082
Ignore the managed switch faggot, just use any old hardware you have lying around, such as old ISP routers and disable DHCP, or some $10 8 port Gb switch.

>>101514149
>>101514172
Thanks. I don't have any old hardware. Had to return my old router when I switched ISP and my new ISP only provided me with a 2 port router.
Time to buy a switch then.

>>101514071
>so what do you have planned for the future?
2-node vSAN 8 or Starwind VSAN Free cluster on Dell PowerEdge R740 servers, running on VMware ESXi 8. But at the moment I only have one R740 and R730.
384 GB DDR4-2933 ECC RAM per R740.
2 x Xeon Gold 6230 per R740.
Dell BOSS-S1 card.
Mellanox ConnectX-4 or ConnectX-5 SFP28 25 GbE for cluster traffic.
Intel, Micron or Kioxia SATA datacenter SSDs.

As for VMs that I'll use:
>Active Directory Domain Services
>Active Directory Certificate Services
>Ansible
>Bitwarden (with YubiKeys)
>DNS (BIND or Windows DNS, haven't decided)
>GitLab
>Terraform
>NetBox
There's some other nice to haves:
>Syslog server
>Grafana + Prometheus monitoring and observability
>HashiCorp Vault
>SCCM
>TFTP server for switch configurations
>EVE-NG
Documentation at Atlassian Confluence, online.

YubiHSM is a quite expensive purchase (upgrade) for ADCS, that I intend to purchase at some point.
Formerly my Internet-reachable DNS servers didn't support dynamic updates for Let's Encrypt DNS-01 challenges, so I still need to sort that out before moving on. I've already migrated from NSD primaries to BIND for this.
Formerly I had a self-issued certificate authority (CA), but it's a pain to manage at scale manually.

I don't know yet what I'll do with the R730. Probably backups or Ansible / Terraform to control the R740 servers, or sell it and replace with an R740. R730 is end-of-life.

I'm a bit frustrated I don't have Active Directory, Windows 11 (LTSC) and Bitwarden available at the moment / soon. Those are my biggest pain points right now, but a lot of baseline infrastructure needs to be redeployed before that's a reality for me.

>t. enterprise anon

>>101514252
very cool. is this all hobbyist stuff or you do it as a job too?

>>101514318
Both!

File: shelf.jpg (81 KB, 1500x929)

81 KB JPG

There's no way a chinesium shelf like pic related can actually hold 110 lbs, right? How much weight should I trust it with? Also, do shelves like this take up a U?

>>101514445
use a 4 post shelf or dont use one at all

>>101514479
Do they take up a U space? Or can I use them to stack a few servers without significant gaps?

>>101514445
i wouldn't trust that thing at all. 110 lbs? with those 4 tiny screws? lol

>>101514445
For comparison, 2U StarTech CABSHELFV has a stationary weight capacity of 22.6 kg [49.9 lb] and a 2U StarTech CABSHELFHD has a stationary weight capacity of 124.7 lb [56.6 kg].
You'll be fine.

How hard is it to get up to speed with RHEL? I'm thinking about using some of the free licenses they offer and switching my servers running Ubuntu Server and Proxmox over

>>101514597
>How hard is it to get up to speed with RHEL?
how quickly can you deepthroat 12 inches of plastic?

I love you, home server general anons

>>101514597
If you know Ubuntu or Debian, it's not very different besides for package management and some default settings that favor legacy compatibility over strongest security. I wouldn't suggest it being easy to switch from Proxmox VE or another hypervisor to RHEL for virtualization, however.
RHCSA certification and RH124, RH134 training courses can get you up to speed.

File: clear floor server closet.jpg (352 KB, 1323x1764)

352 KB JPG

I cleared the server closet and now you can just walk in there without making space to plant feet to. Also tried some QoS and rules and somehow kube cluster broke. Could be related, like Antrea having dependency on the clutter.

>>101514843
We love you too uwu

>>101514936
Show us the picture after cleanup.

File: ikea server shelf.jpg (415 KB, 1512x2016)

415 KB JPG

>>101515102
Here you go. I didn't even call it cleanup just clearing.

>>101476824
What's the best torrent software (with WebUI) to run on my home-server?
I don't want any of the additional gay shit that scrapes torrent sites, just something simple that I can run in a docker container and use to download torrents (with SOCKS5 support).

>>101515234
nice

How do I connect two ethernet cables to make one long ethernet cable? will the speed of it degrade? Longest one I can find in store is 100 feet or 30 meters. I need a bit more than that.
Don't really want to buy the 1000ft one for $250 and custom cut it to size.

>>101515654
>How do I connect two ethernet cables to make one long ethernet cable?

https://www.amazon.com/Coupler-Dingsun-Ethernet-Extender-100BASE-TX/dp/B0CHG2DRY3

>>101484112
>sha1
>rsa
>aes-128-cbc
>3des-cbc
but why?

>>101516015

~ ssh admin@$switch_ip
Unable to negotiate with $switch_ip port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
~ [255] ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 admin@$switch_ip
Unable to negotiate with $switch_ip port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
~ [255] ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 -o HostKeyAlgorithms=+ssh-rsa,ssh-dss -o PubkeyAcceptedAlgorithms=+ssh-rsa admin@$switch_ip
Bad server host key: Invalid key length

The rest was just ChatGPT handing out random bullshit

>>101513019
>in the ceiling
https://www.ebay.co.uk/itm/354684900786

nigga it's not the 1950s anymore, you could find ways to route it around and mask it with plenty of length

>>101517024
>>101512896
if you own the house, a more permanent solution is to just run the cables through the walls like everyone else.

File: images.png (3 KB, 321x157)

3 KB PNG

so netflix decided to drop their partnership with tmobile, hulu is raising their prices, and some other streaming services aren't free anymore. its time to start pirating again.

I setup jellyfin + sonarr/radarr/jackett/ombi and have them working at a basic level. is there anything else I should know when using these?

>>101515667
NTA those couplers are not applicable for permanent links / horizontal cabling, simply because horizontal cabling (> 5 m cable lengths, up to 90 m) has female jacks at both ends.

>>101484112
>>101516068

crypto key gen rsa mod 2048

. I don't think RSA 1024 keys are supported by default since OpenSSH 7.6.
Oh wait, you're not using a Cisco switch. Sucks to suck. Use openssh-client-ssh1, or

-o RSAMinSize=1024

on Red Hat distros.
https://access.redhat.com/solutions/6973518

>>101517877
Replace Jackett with Prowlarr (better integration, much easier setup, familiar UI of ARR apps, easy integration with Flaresolvarr) and Ombi with Jellyseerr (Uses your Jellyfin credentials, easier to use and better working from personal experience).

Oh, and use the official Jellyfin Docker image (not Linuxserverio one) if you want easier time with hardware encoding.

>>101518336
thanks. any benefit to hardware encoding if I don't plan on doing any transcoding? Also, how can I get radarr/sonarr to move the torrents after downloading instead of copying them? right now, I have duplicate media, one inside /media/torrents and inside /media/movies etc.

File: 1721648538190.jpg (269 KB, 640x640)

269 KB JPG

How good are NAS motherboards? You can get pretty cheap ones on aliexpress with cpu and everything included

>>101518388
This gets asked every other thread and every time the response is that N5105 platforms have I226-V desktop NICs with broken EEE firmware, not suitable for servers.

>>101518388
those have dodgy ethernet ports (look up i226v bugs)

>>101518355
>any benefit to hardware encoding if I don't plan on doing any transcoding?
Then no. I often watch from outside my house and being limited to 20MB/s upload speeds I often transcode my 4K files to fHD.

> Moving instead of copying
Set it to use hardlinks by default. That way the files remain in your torrents download folder (can continue seeding) and are accessible from your media folders without doubling your storage requirements.

>>101518400
Maybe it should be put on the wiki/copy pasta for the thread

File: ss.07-22-24 (1).jpg (1.17 MB, 2497x852)

1.17 MB JPG

>>101518421
thanks. im glad setup on these is super simple. jellyseer up & running with sonarr/radarr

File: 2024-07-22T14:12:29,44877(...).png (365 KB, 683x595)

365 KB PNG

>>101515327
I can recommend qbittorrent, it has a lot of features but you dont have to use them. You could also try rqbit, i havent tried it but have heard good things. Also they dont have official docker images

>>101515654
In theory everything cat5 and up should have no problems with 50M length, assuming you are only going for 1gbit/s. If you want a permanent installation, i would strongly recommend getting an adapter box like picrel. For temporary setups
what >>101518269 said

File: 1700663708727485.jpg (3.7 MB, 4032x2268)

3.7 MB JPG

>>101518388
I've got one of these, a CWWK model with an integrated i7 1165g7. So far haven't had any issues with the NICs, and I have them in LACP LAGG and have been running it for 2 months without issue.
https://cwwk.net/collections/nas/products/cwwk-11th-generation-core-i3-1115g4-i5-1135g7-i7-1165g7-six-bay-nas-board-4-network-2-5g-6-sata3-0-2-m-2-nvme-sff-8643?variant=45562328350952
These are fucking beastly honestly, although a major oversight was not including a tb4 connector despite the CPU being able to output tb4.
If I could do it all over again though, I'd get a barebones ddr5 kit in the form of the Q670, since it has vpro and all that jazz

>>101518634
>picrel
i dont know what that box is called

>>101517024
I need to route it in the ceiling since it needs to cross a couple of doors. Even if I use that it becomes a trip hazard.

>>101517855
I don't own a house. I'm renting.

>>101519261
Just search for cat6 connection box, you should find them. You also need a punch down tool to install the cables, some kits have them included or a small flat-head screwdriver can work as well. Oh and if you have pre-terminated cables they may not be fully color coded and can be a bit fragile, since they are not meant to be opened up. It shouldn't be too difficult to figure out

>>101518388
we are getting this question regularly: >>101439113, but to reiterate
>JMB585
those SATA controllers that could cause IO errors
Rule of thumb: avoid any SATA controllers, that includes JMicron, AsMedia, Marvell (somehow not a single manufacturer can make a reliable controller).
If you want more SATA ports, use a PCIe HBA in IT mode.
Dodgy networking and storage is something you do not want on a NAS.

>>101519696
Aren't SATA card technically PCIe HBA cards?

>>101520042
probably, i should have been more specific: PCIe SAS HBAs in IT mode (stuff like LSI SAS2008/SAS3008-based cards, they are compatible with SATA drives)

What are some cool thingies you could plug into your server's serial port?

Are there any hardware requirements that I should be aware of if I'm planning on building a truenas backup server? I have an old pc build from years ago that has an old i5 and 8GB of DDR3 ram, but I've read its better to have 1GB of ram for every TB and I'm planning to get 4x16TB for raid z2.

Is it better to buy two SAS HBA card with 2 ports each for 16 SATA ports total OR one SAS HBA card with 4 ports? Or does it not matter? I just need 16 SATA ports max.

>>101520522
desktop ddr3 era pcs don't make good NAS systems from my experience, zfs eats RAM in the form of ARC and you'll hit the 32 gig limit of ddr3 very rapidly. Most of these desktop pcs also miss m2 slots for nvme drives which can dramatically increase your transfer speeds via L2ARC. Also you're super limited on PCIE slots and lanes.

>>101520752
>for
or*

>>101520756
not him, but if it's just for backing up stuff then speed shouldn't matter that much, right?
im kinda in the same boat as him, i have an old desktop and need a file storage server.

>>101518307
>-o RSAMinSize=1024
Holy shit, thanks. That did it.

>>101520823
Yeah if you're looking for just backups you'll be fine with that. You can check out this video https://www.youtube.com/watch?v=95rGgyGQ5rI for some zfs configs in regards to zpools, vdevs and shit.

>>101520850
>>101520823
>>101520752
>>101520400
>>101520132

new thread you guys:

>>101520926

>>101520926

>>101520926

>>101520400
Opengear.