/g/ - Technology
"I love you, /hsg/ anons" edition

previous: >>102038495

READ THE WIKI! & help by contributing:
https://wiki.installgentoo.com/wiki/Home_server

>NAS Case Guide. Feel free to add to it:
https://wiki.installgentoo.com/wiki/Home_server/Case_guide

/hsg/ is about learning and expanding your horizons. Know all about NAS? Learn virtualization. Spun up some VMs? Learn about networking by standing up an OPNsense/PFsense box and configuring some VLANs. There's always more to learn and chances to grow. Think you're god-tier already? Set up OpenStack and report back.

>What software should I run?
Install Gentoo. Or whatever flavor of *nix is best for the job or most comfy for you. Jellyfin/Emby/Plex to replace Netflix, Nextcloud to replace Google, Ampache/Navidrome to replace Spotify, the list goes on. Look at the awesome self-hosted list and ask.

>Why should I have a home server?
De-botnet your life. Learn something new. Serving applications to yourself, your family, and your frens feels good. Put your tech skills to good use for yourself and those close to you. Store their data with proper availability, redundancy and backups and serve it back to them with a /comfy/ easy to use interface.

>Links & resources
Cool stuff to host: https://gitlab.com/awesome-selfhosted/awesome-selfhosted
RouterOS's: https://wiki.installgentoo.com/wiki/Home_server#Custom
https://reddit.com/r/datahoarder
https://www.labgopher.com
https://www.reddit.com/r/homelab/wiki/index
https://wiki.debian.org/FreedomBox/Features
List of ARM-based SBCs: https://docs.google.com/spreadsheets/d/1PGaVu0sPBEy5GgLM8N-CvHB2FESdlfBOdQKqLziJLhQ
Low-power x86 systems: https://docs.google.com/spreadsheets/d/1LHvT2fRp7I6Hf18LcSzsNnjp10VI-odvwZpQZKv_NCI
Cheap disks: https://shucks.top/ https://diskprices.com/
PCIE info: https://files.catbox.moe/id6o0n.pdf
>i226-V NICs are not suitable for servers
>For more SATA ports, use PCIe SAS HBAs in IT mode

Remember:
RAID protects you from DOWNTIME
BACKUPS protect you from DATA LOSS
>>
I love you, Home Server General anons
>>
>>102087398
we love you too, anon!
>>
How much of a risk is it to allow my DMZ subnet to access the local DNS server (Unbound) instead of forcing e.g. Cloudflare or Google?
>>
Fellas...what's a VPN that will let me download wireguard config so I can run it in a torrent container
>>
>>102087614
lots of them. i recommend mullvad.
>>
>>102087614
how do you make sure the container only connects through wireguard and doesn't leak your real ip
>>
>>102081778
>I just don't know how to link them together.
with cgi.
google whatever webserver you use + cgi
>>
>>102081778
>What are the most common pitfalls?
command injection, i.e. running arbitrary commands on the host. especially dangerous here since you need root privileges to change linux passwords
>what steps can I take to avoid botching it?
sanitise inputs, ideally the webserver should do this as well.
use parameter expansion, declare all environment variables in the script, quote fucking everything
probably more shit ive forgotten, you can dump your script into shellcheck.net to test
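The advice above (allowlist the input, declare the environment yourself, quote everything) worked through as a POSIX sh CGI handler. This is an added example, not the script from the thread; it assumes form fields named "user" and "pw", and chpasswd(8) as the privileged step (the web server must grant root only for that call).

```shell
#!/bin/sh
# Added example (not from the thread): input handling for a CGI script that
# changes a Linux user's password. Every value from the client passes an
# allowlist check before any command sees it, and the privileged call sits in
# one small function. Assumed: form fields "user" and "pw", chpasswd(8) for
# the actual change.
set -eu

# Declare the environment ourselves instead of inheriting it from the server.
PATH=/usr/sbin:/usr/bin:/bin
export PATH
LC_ALL=C
export LC_ALL
unset IFS
umask 077
NL='
'

# valid_username NAME: lowercase letters, digits, '_' and '-', no leading '-',
# at most 32 characters. Anything else (spaces, ';', '$', '`', '|') is rejected
# outright rather than escaped.
valid_username() {
    case "$1" in
        '' | -* ) return 1 ;;
        *[!a-z0-9_-]* ) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# valid_password PW: printable ASCII only. chpasswd reads one "user:password"
# record per line, so a newline would let the client append a record for
# another user and a ':' would be ambiguous; both are refused.
valid_password() {
    case "$1" in
        *"$NL"* | *:* ) return 1 ;;
    esac
    if printf '%s' "$1" | grep -q '[^ -~]'; then
        return 1
    fi
    [ "${#1}" -ge 12 ] && [ "${#1}" -le 128 ]
}

# urldecode STR: decode application/x-www-form-urlencoded ('+' and %XX) in awk
# so the untrusted bytes are never evaluated by the shell.
urldecode() {
    printf '%s\n' "$1" | awk '
        BEGIN { hex = "0123456789abcdef" }
        {
            s = $0; out = ""
            while (length(s) > 0) {
                c = substr(s, 1, 1)
                if (c == "+") { out = out " "; s = substr(s, 2) }
                else if (c == "%" && length(s) >= 3) {
                    hi = index(hex, tolower(substr(s, 2, 1)))
                    lo = index(hex, tolower(substr(s, 3, 1)))
                    if (hi && lo) {
                        out = out sprintf("%c", (hi - 1) * 16 + lo - 1)
                        s = substr(s, 4)
                    } else { out = out c; s = substr(s, 2) }
                } else { out = out c; s = substr(s, 2) }
            }
            print out
        }'
}

# field NAME BODY: first occurrence of NAME=value in the form body (still encoded).
field() {
    printf '%s\n' "$2" | tr '&' '\n' | grep "^$1=" | head -n 1 | cut -d= -f2-
}

# change_password USER PW: the only line that touches the system. Both
# arguments are quoted and have already been validated by the caller.
change_password() {
    printf '%s:%s\n' "$1" "$2" | chpasswd
}

handle_request() {
    body="$(head -c "${CONTENT_LENGTH:-0}")"
    user="$(urldecode "$(field user "$body")")"
    pw="$(urldecode "$(field pw "$body")")"
    if ! valid_username "$user" || ! valid_password "$pw"; then
        printf 'Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\nrejected\n'
        return 0
    fi
    change_password "$user" "$pw"
    printf 'Status: 200 OK\r\nContent-Type: text/plain\r\n\r\nok\n'
}

# Only act when a web server invokes the script; sourcing it runs nothing.
if [ "${REQUEST_METHOD:-}" = "POST" ]; then
    handle_request
fi
```

Run the file through shellcheck as the post suggests; note that a rejected field produces a 400 and never reaches chpasswd.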
>>
>>102087605
use a firewall that only passes dns if you really need to
>>
currently hosting
>gitea
>syncthing
>nfs
>cockpit
what else worth hosting?
>>
>>102087392
I love you too, dad. I'm sorry it ended the way it did
>>
File: 1724470400980474.jpg (263 KB, 1046x1566)
I made my own file hosting site cus I don't like URL tokens. Nice and simple to use

files.shoegaze.party
>>
>>102088205
killswitch option
>>
I changed my router's WiFi channel and the WiFi in my bedroom now seems much better. Hopefully this isn't just a momentary thing. Previously the signal was very patchy at certain times so I thought it might be experiencing interference with the networks of nearby houses.

Yes I use WiFi because powerline connections are shit in my house, and ethernet is not practical.
>>
>>102088205
firewall rules in the container
network policy in the orchestrator
wg interface selected in the torrent client
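The three layers above, worked through for the container itself as an added example (not from the thread): an nftables kill switch that drops anything not leaving via the tunnel, and a leak check that asks the kernel which interface a public address would actually be sent out of. Assumed names: interface wg0, the endpoint address/port given as arguments, and the probe address 1.1.1.1 as a placeholder.

```shell
#!/bin/sh
# Added example (not from the thread): container-side kill switch for the
# torrent box plus a route-based leak check. Assumed: WireGuard interface wg0;
# endpoint address and port are passed in; 1.1.1.1 is only a probe placeholder.
set -eu

VPN_IF="${VPN_IF:-wg0}"

# killswitch_ruleset ENDPOINT_IP ENDPOINT_PORT: print an nftables ruleset that
# drops every outbound packet unless it leaves via loopback, via the tunnel, or
# is the UDP traffic to the VPN endpoint itself. Apply inside the container with:
#   killswitch_ruleset 203.0.113.10 51820 | nft -f -
# If a web UI must be reachable from the LAN, add an explicit accept for that
# subnet rather than a blanket "ct state established" rule.
killswitch_ruleset() {
    cat <<EOF
table inet vpn_killswitch {
    chain output {
        type filter hook output priority 0; policy drop;
        oifname "lo" accept
        oifname "$VPN_IF" accept
        ip daddr $1 udp dport $2 accept
    }
}
EOF
}

# route_uses_vpn TEXT: TEXT is the first line printed by "ip -4 route get <dst>".
# Returns 0 only when the kernel would send that packet out of the VPN interface.
# This is the right question to ask: wg-quick leaves the original default route
# in the main table and steers traffic with policy rules, so plain "ip route"
# still shows eth0 as the default even when nothing leaks.
route_uses_vpn() {
    printf '%s\n' "$1" | awk -v ifc="$VPN_IF" '
        NR == 1 {
            ok = 0
            for (i = 1; i < NF; i++) if ($i == "dev") ok = ($(i + 1) == ifc)
            exit (ok ? 0 : 1)
        }'
}

# leak_check: live probe from inside the container; exit status 0 means the
# route to a public address goes through the tunnel.
leak_check() {
    route_uses_vpn "$(ip -4 route get 1.1.1.1 2>/dev/null | head -n 1)"
}

if [ "${1:-}" = "--check" ]; then
    leak_check
fi
```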
>>
>>102089020
>gitea
>not forgejo
>cuckpit

>>102089205
dont go there anons its a trap to find your poorly secured home servers!!!
>>
>>102089020
depends what you want and need.

i e.g. use my nextcloud, wiki.js and jellyfin often. also think about setting up stuff like immich and paperless (ngx)
>>
>>102089866
>forgejo
wtf is this
is this even english
>>
>>102089020
host your own workstation vm for maximum bandwidth to your nas
>>
>>102090235
What do you guys do that needs so much bandwidth beyond 1G 2.5G 10G?
>>
I want to get a disk shelf to attach more drives to my NAS. But the NetApp although a good option is gonna be power hungry and loud.

I was looking to build my own custom disk shelf but it would cost almost twice as much and couldn't have hot swappable case like a netapp would
>>
>>102090257
I hoard data (read: porn) so I'm constantly moving stuff around and also editing video files and shit like that. Nowadays all drives, even mechanical ones can easily exceed gigabit's bandwidth and unfortunately I can't easily get 10Gbit gear here
>>
>>102090294
See i heard as well, i'm always moving files around and while I do it from my workstation they don't (typically) go via my workstation.
>>
gitea or onedev?
>>
>>102090340
>onedev
hadn't heard of this but deployed forgejo recently (used gitea in the past) and i'm happy with it.
>>
>>102090373
do you use ci/cd?
>>
>>102090320
>they don't (typically) go via my workstation
but when they do then you run out of bandwidth
>>
>>102090432
Yes but i use another solution for that (argo workflows) although I am thinking about evaluating forgejo actions
>>
Lads, want to move a proxmox node (in cluster) boot drive to a different machine (Intel > Intel), anyone done it before? How likely is it to fuck up?
>>
I want to turn my raspberry pi into entertainment system.
What is the best way for playing music from local files and to access spotify?
>>
>>102090973
Multiple times
I'm assuming you're just moving the drive to another 'puter
Make sure:
>Also move any other drives that hold VM data

Also, most likely your NIC's name will change so you'll have to adjust it in /etc/network/interfaces

Everything else should just werk
>>
>>102091033
You're trying to build a client so not home server related
>>>/g/fglt
>>
>>102091090
Aye, dell sff with a 7500 to another dell sff with an 8600.
Thanks for the answer. Will it cause any issue with quorate?
>>
>>102083076
>Do you guys also use enterprise drives for your OS drives?
Yes, because I need firmware updates and write endurance.
>I was just thinking of buying a Crucial MX500 because it's so cheap.
Nope.
>But I hear that Proxmox eats consumer SSDs.
Yes, and so does any VM workload and copy-on-write filesystems too.
>Samsung 870 also isn't considered enterprise but I hear good things about it.
Nope. Not here.
>WD Red SA500 is my last choice, it says it's an enterprise drive and the same price as the Samsung 870.
What the hell? This is not an enterprise drive. There's no power loss protection, it's an SSD for "write once, read many".
>Which to pick?
Neither, if you love your data with consistent fsync performance, data availability and write endurance.
>Also I'm not 100% sure if it's Proxmox's fault for making lots of writes on the drive or if it's ZFS.
Both. Proxmox writes cluster logs and graphs very often. ZFS' copy-on-write (COW) amplifies the write factor.

There are a few go-to brands for enterprise SSDs, but WD, Corsair aren't one of them and Samsung's consumer lineup is not appropriate.
>>
>>102091115
>dell sff with a 7500 to another dell sff with an 8600
Yah, most likely you won't even need to change eth's naming at all.

>Will it cause any issue with quorate?
Highly unlikely
>>
>>102091282
Superb. Much appreciated anon
>>
File: gartnermqfigure1.png (41 KB, 1900x2034)
>>102089020
A better Git / DevOps tool. Pic related.
>>
>>102091242
Yeah, I don't care. I bought a Crucial MX500. I learned to ignore people that type like you ever since you fucking told me to buy 'enterprise hardware' that I had to resell since it was so fucking noisy.
>>
>>102091391
Enterprise SSDs don't make sound.
>>
>>102090257
SATA 6 Gbps.
SAS 12 Gbps, 24 Gbps.
Cluster traffic.

Of course client devices (laptops, desktops) get plugged in to 1 Gbps access switch ports and firewall, that's enough (unless you're accessing large video files remotely from a headless NAS live in a video editor).
>>
>>102090340
See >>102091371.
>>
>>102091371
RedHat and VMware considered "challengers" lmao. who the fuck actually believes that shit? VMware and RedHat are not more "able to execute" than AWS, GCP, and Harness.
>>
>>102091533
Whoever makes a more convincing presentation and argument to Gartner's analysts, and supports a wide variety of use cases and enterprise environments (seats), gets scored higher.
MQs themselves are a de-risking tool for the reader, not something to solely make purchase decisions on.
>>
>>102091435
Yeah, I don't care
>>
>>102090973
I've done this. You can fuck up slightly if you have two different Proxmox VE installations, ZFS boot drives with the same pool name (rpool). If you try to boot them, it'll not work, find there's duplicate pool names and you may end up with some corrupted rpool data (GPT mismatch errors). Best to reinstall the OS fresh and migrate VMs over, either with a cluster setup or vzdump backups.
Do not rename your PVE hosts after the initial install. You'll brick pmxcfs, services won't be able to start and you won't have access to the
/etc/pve
directory, standalone node or not.

Mind you, I've used generic ABI v2 CPU type everywhere and didn't have any VMs with host CPU type that could not be live migrated. Homogeneous environment for clusters.
>>
>>102091811
No zfs in my setup, just an nvme on ext4 and a ssd for lvm.
There is only 1vm on that node (opnsense) + 2 lxc's for pihole/adguard. CPU is set to host for opnsense - will that be an issue?
>>
>>102092198
>CPU is set to host for opnsense - will that be an issue?
It can't be live migrated, must be shutoff prior to migration.
>>
>>102087392
does anyone have experience with GNUnet ?

https://www.gnunet.org/en/about.html
>>
File: 1724683852614.jpg (69 KB, 1080x616)
>>102092328
sorry, wrong photo
>>
is there a web interface (like dropbox/gdrive) that works with samba shares? (or plain nfs shares, hell, even plain directories)
I want to let my family backup their stuff the easy way
I could do seafile but the non-plain file storage doesnt sit well with me
>>
>>102092339
OneDrive?
>>
>>102092374
huh? the microsoft thing?
I mean self hosted
>>
>>102092295
Cool thanks
>>
>>102087605
You're still playing DMZ? I thought Activision basically removed it from WarZone
>>
>>102092339
literally any web file manager anon
i think you're overthinking things
>>
>>102092499
>web file manager
https://github.com/filebrowser/filebrowser
this would be really comfy with some UI modifications
>>
>>102089020
https://github.com/hay-kot/homebox
>>
Big n00b xd leet speak I'm one of you here. How safe is it for me to set up something hosted on my local network for sharing with other people publicly? Even something like a Minecraft server where I need to share my IP for them to connect? Doesn't giving this out mean they can figure out other ports that are open or get into my network other ways? Or am I being paranoid and it's not actually as dangerous as I think it is?
>>
>>102091720
This is wrong. It's whoever provides them more money. It's pay to play.
>>
>>102092783
this looks neat, will try to make it work
>>
>>102090257
40Gb ethernet is cheaper than 2.5Gb and same cost as 10Gb, and 1Gb is slower than a decent internet connection

why be slow?
>>
Hello anons of /hsg/ it's me, digikam anon from yesterday.
I'm gonna try to run immich and see if that works for my family to be able to look at all the photos. It takes care of creating / storing credentials, generates thumbnails, album views, etc.
I'm also considering writing an nginx photo album config file, I think there's a module that would generate thumbnails and create a basic gallery webpage.
If anyone has any suggestions as how to share photos with tech illiterate people like my mom and dad in a secure way, please let me know.
>>
>>102093305
just dont have any open ports besides minecraft
what are they gonna do
>>
>>102093305
I mean yeah they can nmap your ip but if you have any reasonable amount of security, like literally any kind of firewall, you'll be fine. If your only port is minecraft (it should be) then there's nothing they could do. Even if you have ssh port forwarded you can really just enable fail2ban or turn off passwords and use ssh keys, which you should already be doing.
>>
>>102093305
The answer depends on
- how your network is set up
- how the service is hosted
- what the service is
As a concrete example, a remote code execution bug in minecraft (or a mod) could allow an attacker to take control of the machine running it and from there compromise the rest of your network.
>>
File: happy.gif (1.97 MB, 540x304)
Bought my first ever domain
>>
File: 1706724080824008.jpg (337 KB, 647x647)
>dude my intel uhd 630 can stream 2 4k stream no problem
Literally how? Mine feels like it's gonna go nuclear with one laggy stream
>>
any ways to give 10g to a board that only has 1 x1 pcie slot and 1 nvme gen 3 slot?
it has usb3.2 gen 2 but i think that caps out at 5gig. there are 2.5gig usb dongles but I'd rather try to get sfp+ right away.
>>
File: redis.jpg (276 KB, 1299x923)
the current state of redis
>>
>>102096112
can't speak to the others because i was only looking at doing this with USB the other day, USB 3.2 Gen 2 is minimum 10G
USB 3.1 Gen 2 is 10G
>>
>>102095023
Congrats anon.
>>
I don't understand how to publish my shit with caddy
>>
>installed proxmox on a 5.4k rpm hdd
>slow as fuck
please tell me there's a way to make it run faster.
>>
>>102097335
>please tell me theres a way to make it run faster
install a dark theme
>>
>>102097335
>installs an os to a slow drive
>complains it is slow
the only way to make it faster is to load the entire OS in ram. Worse yet it's pointless if your VMs are stored in the same drive

>>>/g/sqt
>>
anyone that use self hosted bitwarden, know if I can host one over a vpn instead?
I don't need a certificate or exposing it to the internet but I already have wireguard setup to remote into my network and would like any client device to be able to access bitwarden from home.

Does it work like this?
>>
>>102097457
>the only way to make it faster is to load the entire OS in ram
okay, how?
>Worse yet it's pointless if your VM's are stored in the same drive
lol
it is

my SSD drive doesn't come until next month. so I have to make do with an old laptop hdd I managed to salvage.
I just want to play around with settings before really getting into it first and I don't have the patience to wait till my ssd arrives. but it's so slow that it's making it impossible
>>
>>102097495
>anyone that use self hosted bitwarden, know if I can host one over a vpn instead?
Yes, you connect to a VPN server on your firewall first to grant access to resources on your LAN where Bitwarden resides.
>I already have wireguard setup to remote into my network and would like any client device to be able to access bitwarden from home.
What's the problem then (besides using an experimental VPN technology intended for non-production use cases)? You'll connect to your VPN and access your LAN resources, including Bitwarden.
Forward your DNS request traffic to your internal DNS, via the VPN.
ACME DNS-01 challenges if you need an X.509 certificate from Let's Encrypt internally.
>>
File: file.png (960 KB, 1342x755)
>oh hey a video on yunoho-
>>
>>102097580
>it is
pointless, it'll still suck just wait for your ssd
if you can't wait virtualize proxmox on your pc and play there
>>
I fucken love Home Server General. Its the top kek thread on /g/.
>>
>>102097252
>he can't set up the absolute easiest webserver to configure
please elaborate anon
your caddyfile can literally be 3 lines and it'll work
>>
>>102093305
there are bots that scan every single IP address and open port on the internet constantly

you can scan the whole internet yourself in a few hours on a fast connection

it's only a problem if you're exposing insecure software

>>102096112
there are m.2 to pcie slot adapters, and there are 10Gb cards in m.2 form factor (kinda expensive though)
>>
>>102098662
>the whole internet
the ipv4 address space
>>
>>102098695
my bad, should have said "the relevant internet"
>>
Is there a step by step guide on how to set up and use proxmox?
>>
>>102091033
I like navidrome. A lot of people like plex pass still, despite it's paid and proprietary nature.
>>
File: file.png (784 KB, 1062x630)
>>102087392
someone shoot me in the fucking head right now
i just cooked my spare wyse 5070 because i thought that a regular dell-branded x550 pci card would work normally, but NOOOOOO apparently Dell used duplicate fucking smbus IDs and i didn't read every page of the 5070 thread on servethehome prior to slapping it in
at least my x550 still works... i'm just now down a fucking thin client. flashed it to the intel firmware with my old HP t730 router box but the damage is done
fuck i feel so stupid
>>
File: 1720843597948419.gif (1.96 MB, 286x400)
Redpill me on Quadlet.
>>
>>102099014
https://pve.proxmox.com/pve-docs/pve-admin-guide.html
>>
>>102099484
thanks but too late
just bought a lifetime subscription to unraid
>>
>>102099304
What does this have anything to do with servers?
>>
I've concluded jellyseerr+radarr+sonarr+jackett+whatevarr is a meme
>>
>>102098662
>you can scan the whole internet yourself in a few hours on a fast connection
Hours?
You can use something like masscan and scan all routable IPs in about 5 minutes.
>>
>>102099635
>jellyseerr+radarr+sonarr+jackett+whatevarr is a meme
Haven't played with radarr or sonarr yet but fucked around with readarr this weekend
> ebook management
> will pull ebook metadata from a 3rd party
> will notify of new books in a series
> will download them
But the Readarr project has several fatal flaws.
> the meta data server has been broken for almost a year
> project owners know about it, posted a note to their Discord
> raise the issue on github and they get pissy and close your thread
> the effect of the bug in the meta data server is that you can't add books for authors that have "too large" a catalog
And, the best: the meta data server they're pointing to had its domain expired: api.book.club
The whole project smells of "fuck you, works for me" and abandonware.
>>
Was going to get into /hsg/ with a couple of old laptops I just retired, but then I got gifted an old Dell Precision T5600 from like 2012. No graphics card in it currently, but supports up to 128 GB ram, two Intel Xeon E5-2600 family processors

Would it make a good homeserver, or is it so old that energy consumption would be stupid high?
What else could I do with it?
>>
File: file.png (115 KB, 1453x526)
>>102099761
depends what youre planning on using it for.
>>
>>102099670
if you want to scan a single port and can push around 15 million PPS, sure, maybe you can do it in 5 minutes
>>
>>102098155
dubs and i scrap my whole proxmox install and install windows datacenter or some other horrible shit on my server
>>
>>102100144
winrar!
>>
>>102100144
Can't trust anyone not even yourself
>>102099542
it's a router, shit is mentioned in the op
>>
>>102099761
I have less and mine works.
E5-1620 v4 CPU and 64 GB of RAM. Going to upgrade the CPU for a E5-2690 v4 for more cores. I need more VMs.
If you already have the parts then go ahead. But if not then try looking for a newer one with more in it.
>>
File: Capture.png (162 KB, 617x607)
>>102098662
You can get a mellanox x3 10gb PCIx4 card for like $25 shipped on ebay. Don't listen to enterprise, these cards pretty much run the world for past 10 years. You won't find a more reliable network card.

Then you can buy a chink shit pic related to connect it to your MB. It will always be hard to get the network card to line up, but I just removed the metal bracket and ran the SFP cable inside my server. I have taken my server out at most like once in 6 months so its a good tradeoff to save replacing an old motherboard.
>>
File: m2SFPplus.png (130 KB, 950x397)
>>102096112
You can do all sorts of crazy bullshit with an m.2 slot. Enterprise never made a 'convenient' connector so chinks just keep making shit for m.2

>>102100144
rip

>>102100354
Don't do that nonsense unless you have to. There are dedicated cards that connect with a sas/sff connector on the m.2
>>
>>102100231
>>102100253
>>102100437
can't get my fucking nic to get detected so I'm considering just doing it to download the windows specific drivers I'm not allowed to have otherwise
thanks dell
>>
How do I get it so my PC recognizes the PCIe adapter with an M2 NVMe as my boot drive?
>>
>>102100727
have you tried just plugging it in?
as far as I know m.2 is just the form factor and it is electrically compatible with a PCI-e slot so you wouldn't need to do anything else unless your motherboard isn't capable of natively booting off NVMes
>>
>>102100437
Just curious, what's wrong with the m2 to PC adapter and putting a proven network card in it?

I'm not trying to argue with you, but converting the m2 pins to a PCI slot is something I trust the Chinese to do. The Network card itself I'd rather have something with a LONG track record of proven reliability like Mellanox.

Is the Intel 82599EN chip well thought of? Have you used that card before?
>>
>>102101066
The main issue is the ribbon cable. It's only so long and is directly attached to the m.2 board. Though it would be better for escaping under other components.
If you wanted to use an existing card, I think either
>m.2 with pcie on it and use a riser cable
>m.2 with sas/sff/oculink connector and a separate pcie base
With the one I posted, it can still be used if the motherboard is under all expansion slots or encouraged to live somewhere less ideal.
I have not used it however, so maybe the chip is trash. But it also serves as an example of m.2 nonsense.
>>
>>102101294
This is sound reasoning. My googling skills are apparently inferior to yours, all I could find was what I linked to. Been working great for over 6 months. I'm partial to the Mellanox cards because they've been very Linux friendly over the years, and run pretty cool compared to the old Intel 4 series 10gb housefire cards.

I'll use the one you linked in the next life!
>>
File: 1712270365996236.jpg (41 KB, 400x524)
>>102100144
Nice job king. Go buy a RHEL license lmaooo
>>
>>102093434
>40Gb ethernet is cheaper than 2.5Gb and same cost as 10Gb
cisco nexus anon?
>>
does seeding just not work with a vpn without them offering port forwarding? ubuntu iso ratio is .01 after a really long time
>>
>>102101907
if you're not port forwarded, you can only seed to peers who are.
>>
>>102101669
aliexpress is carnage plus a month of waiting.
I went looking for a riser cable for my stupid project and not only did I have issues divining the correct words for what I needed, a listing on newegg was cheaper than anything close to what I was looking for.
Ebay adds tip and may not be any faster.

Hopefully we're all on sfp28 in the near future.

>>102101907
correct
I even made a script to do so for mine but qbittorrent still says I'm behind a firewall and I hate networking so it's never going to be solved. I still seed some stuff but it's not as much as I would like.
>>
>>102093696
LATE NIGHT BUMP
As a final update, I got my album hosted via an nginx static site using this dude's repo.
>https://github.com/forrest79/static-nginx-gallery
I didn't know that you can use xml to generate a static site, that's pretty neat. nginx can even generate thumbnails automatically, I had no idea.
I told my family, my sister is sifting through all the old pics right now and I'm gonna show my mom tomorrow. Pretty cool to have my server be useful for other people, for once.
>>
>>102095023
What domain?
>>
>>102101066
>Intel82599EN chip is well thought of?
its the chip used on x520 series
chinks have an abundance of them since they went eol last year and are literally just reusing them in new board designs
>>
>>102087392
>pic
disgusting and wrong propaganda
>>
Linux noob and home server noob here, what the hell happened? I just started a home server tonight. The most I've added were 3 movies I added to jellyfin and my storage is 100% full? I added yacht (which worked once, then I added firewall to the server and it stopped connecting even after i turned it back off) and the server updates and that's it. Any way to get more details on storage outside of the terminal? I have almost no idea what I'm doing lol
>>
>>102087392
Why do you want to have a machine that you need to maintain and so on?
>>
File: Capture.png (32 KB, 1588x443)
>>102104448
a better view of my overall storage and partitions. I've had previous distros on this laptop before the server but I've always picked clear entire disk. I've clearly done something wrong though
>>
>>102104448
just use the terminal
>>
File: 221d8443c8787824.jpg (47 KB, 622x615)
>why yes I've setup immich without docker, how did you know?
>>
>>102089167
I forgive you, son
>>
>>102096048
are you actually using the iGPU for transcoding or are you transcoding via software?
>>
File: 1713638813803671.jpg (77 KB, 768x704)
>just switched to T-Mobile fiber
>They use cgnat for ipv4 addresses with no ipv6
>Ip isn't static
Uh...now what? DirecTV stream is probably the worst offender here vs my server shenanigans because it bases the streaming off your IP matching your billing address and it keeps jumping around. Like damn am I gonna need to sign back up for Comcast?
>>
Am running OPNsense with a separate network for my homeserver. Now I want to lock down the possible outwards traffic.

this is easily done for static targets like debian or ubuntu repositories, but how do you guys manage your rules for e.g. docker hub with rotating ips?
>>
>>102105279
you could rent a VPS with static IPv4 and IPv6 and use a tunnel to forward everything to you
>>
>>102104448

it's normal that the LVM partition looks full from the outside - it's reserved disk space.

the actual free space can be found in your lvm volume (named fedora). you have 16GB assigned and 111GB unformatted data
>>
Excuse my retarded question but I have installed OpenWRT on my router. It's now displaying two devices:
> radio0 (802.11ax/b/g/n)
> radio1 (802.11ac/ax/n)
Does this mean they have different capabilities? E.g. radio0 supports wifi 6/1/3/4 and radio1 supports wifi 5/6/4?
>>
>>102105614
>Does this mean they have different capabilities?
yup, you're right. the ax/ac/n/g/b are all WiFi standards
wikipedia has a nice table for them that shows what WiFi generation they are from as well as supported frequencies and link rate
https://en.wikipedia.org/wiki/IEEE_802.11
spoiler: you probably want ax
>>
>>102102633
https://www.meatspin.com/
>>
So before I commit to buying the gear, just want to check if my plan is alright. I plan to get a Flint 2 and flash openwrt on it, I'll create 3 vlans, 1 for trusted 1 for IoT and 1 for Guests. I can pass all 3 vlans as a tagged trunk to a managed switch. This managed switch will pass the IoT vlan untagged on port 2 to a vlan unaware asus router on stock firmware configured in AP mode. Port 3 connects to another managed switch where I will configure 2 ports as vlan trusted and the 3rd port as IoT. This setup will work right?
>>
>>102105614
radio0 is 2.4ghz
radio1 is 5ghz
>>
>>102099635
I prefer to take my time to find the best copy on private trackers/usenet, especially for films, and thus radarr is hardly useful to me. There are too many unique cases for set it and forget it rules. But for airing TV or pulling TV seasons from usenet I can see sonarr being useful. Additionally if you have relatives who use your jellyfin they might be able to use jellyseerr to request what they want without having to ask you every time.
>>
>>102099761
Too old (Windows 7 era), e-waste, throw it in the bin.
>>
>>102100041
Another e-waste setup here.
>Enterprise repository needs valid subscription
No security updates for you.
>>
>>102106654
If you're setting it up for other people to use then yeah.
Incidentally, is there a simple way to open torrents in a bittorrent client running on a server from your pc? Like I can open transmission's web interface and add it through that, but I'm wondering if there's a simpler option that acts like a bittorrent client on your pc but actually sends the torrent to the server.
>>
File: Screenshot_1.png (14 KB, 1224x887)
>>102100231
>>102100253
>>102100437
>>102101818
this is so fucked up why are you guys making me do this
>>
>>102106805
There are many options depending on what client you have, off the top of my head, rutorrent, flood, transgui, transmissionic. I use trguing and rutorrent.
>>
Thoughts on Chinese networking equipment like TP-Link?

I think I might try to avoid it and instead use tech from American or Taiwanese companies

>In 2008, Marines stationed in Iraq stopped using Lenovo tech after discovering data was being transmitted back to China. The U.S. Air Force replaced $378 million worth of servers purchased by Lenovo.
>Have a Lenovo machine at home or work? I suggest you replace it.
https://eu.usatoday.com/story/tech/columnist/komando/2023/02/16/tech-apps-products-ties-china/11250875002/
>>
>>102107129
tp link's pretty bad there's a fucking shit ton of unpatched vulnerabilities in their hardware. there's similarly priced stuff that's better imo.
>>
>>102106836
Esxi lmfao why bro
>>
>>102106873
Thanks
>>
>>102107415
fuck it gonna put winblows server on top of esxi
>>
>>102099635
i like sonarr, particularly the file renaming feature, but whatever they did with the search filters on version 4 made it completely useless to auto download and it's constantly downloading garbage, so now I'm back to manual searches
not convinced on radarr, i dont watch enough movies to justify it
jellyfin is great though (as soon as I figure out nvidia hardware acceleration on a lxc)
>>
>>102107571
you needed to use hyper-v for maximum cancer
>>
>>102107793
esxi is already fucking cancer what kind of garbage expects hardware raid and has no options for software raid
>>
I want to make 24/7 stream similar to that GameCenter CX one on twitch.

it involves youtube videos from a playlist. OBS has too much overhead from a GUI so I was going to use ffmpeg instead.

I originally tried something like
'yt-dlp -o - youtube link | ffmpeg -i pipe: twitch link'

that would work, but for a playlist it would only do one until erroring out about "MOOV".

does anyone have experience with these 24/7 streams?
>>
File: Capture.png (45 KB, 401x885)
>>102106136
This anon fucks. 2.4Ghz is tapped out in terms of new technologies. All the new action and router e-waste sales pitches occur on the 5ghz / 6ghz bands. The speeds here are impressive, but these frequencies have the wall penetration ability of a wet paper ball, so unless you are sunning yourself under the access point, your device is getting kicked to 2.4ghz in most cases.

Anon told me to see a psychiatrist last 2 threads >>102015392 when I showed concern for Xfinity broadcasting their mobile networks from my modem. I went online and disabled it in my account, but the network was still broadcasting it from my modem, and was fucking with my wifi network. Could fry an egg on the fucking thing.

I called and the first pajeet swore on a stack of hindu bibles xfinity mobile was off and it was my neighbor do not redeem the truth saar. I go to my neighbors and both aren't even xfinity customers, as well as the signal strength goes down rapidly as I leave my house. Pic related is me next to the modem where its stronger than my fucking access point in same house.

Call xfinity and saar number two (Hargobind) tells me its off. Finally I go Karen mode and start asking for a manager. Finally get Mehboobalikhan (really) on the phone who is a qualified technician who finally turns this shit off.

Maybe I do need a psychiatrist, but I don't think you guys are cynical / paranoid enough about this shit if you ask me. Paying $20 /month in energy bills to extend Xfinity's cell phone service. Fuck you man.
>>
>>102107813
counterpoint: Microsoft software raid (storage spaces)
>>
File: snmp.png (8 KB, 410x289)
>>102087392
Is SNMP a meme? Seems like a good idea to centralize network administration without vendor lock-in. Is there anything else worthwhile for management without having to go to a million different web interfaces, while not being locked into some retarded cloud connected bullshit ecosystem?
>>
>>102107971
how about you buy your own modem you retard supreme?
>>
>>102107971
Why don't we have WiFi at 1 GHz or something, wouldn't that penetrate walls much easier?

Maybe that frequency is used by other things though, I assume it must be
>>
File: E34DPLPVgAAm3v2.jpg (45 KB, 500x364)
>>102108103
Fuck you,

Because the 1.2 GBS plan wasn't compatible with the modem I own. They also said I get unlimited data if I use this modem and it doesn't add anything to my bill.

Option 1 - Retard Supreme:
Go buy a $250 modem. Install. Pay +$30 month for unlimited data. Total cost $970 over 24 months.

Option 2 - Fuck dem Jeets:
Get included modem in package. Pay $0 for unlimited data. Spend around an hour on phone calling jeets on their jeet lies. Total cost $0 over 24 months.

Remember OP is the same faggot telling people to buy old poweredge housefire and "The Who" concert level ambient noises to save $200 over buying good normie hardware that will perform better. You can learn everything there is to know about IPMI in a weekend anyway so big whoop.
>>
>>102108221
sb8200 can be had for <$100 on ebay
you don't get to complain about glowies if you choose the normie option
I eagerly await your mental breakdown when they oopsie reenable it in the near future
>>
>>102091533
I didn't even know they had DevOps solutions.
Unless they are considering OpenShift, but that should not be in this chart.
>>
>>102090126
The gitea fork after the fuck up they did.
It's actually esperando for forge or something.
>>
>tfw I still don't understand the difference between a router and a managed switch
>>
>>102105982
Nice.
Personally, I own 4chin.org
>>
>>102108544
Routers are layer 3; a switch is layer 2 regardless of manageability.
>>
>>102107813
Software raid in a VM, export iSCSI LUNs from that VM, import them to ESXi. Truly an enterprise way.
>>
>>102108944
Jank as fuck? Sounds about right
>>
>>102108544
all a switch does is SWITCH traffic between ports on the switch based on MAC addresses which are a layer 2 concept
a router will ROUTE traffic to other networks based on IPs which are a layer 3 concept
switching happens on a single device, routing happens between multiple devices
>>
So I have RDP available to my phone through WireGuard VPN and I'm kind of scared that if the phone were to get stolen they would be able to bruteforce my RDP password. Should I even worry about this? If yes, what can I do to stop it?
>do phones often get stolen in your country
Not at all
>>
>>102109018
This is only going to be a problem if your wireguard key is compromised. Also make sure you have your VPN traffic sufficiently firewalled off so you can only access RDP. Set up some sort of IDS or logging to detect any suspicious activity on your inbound VPN.
>>
>>102109104
>private key
Can't you access it directly in the WireGuard app?
>VPN traffic sufficiently firewalled off so you can only access RDP
I also use it to access the internet. Should I make separate one for that?
>>
>>102109104
if they get his phone then his private key is compromised. but the wireguard app makes you put your passcode in to view or export it
the best thing to do is have a strong passcode on the phone and have a strong RDP password too
>>
>>102109018
come on, man, you know this is a power fantasy. the nondescript minority who snatches your phone is at best going to check google pay to see if there are some active credit card numbers they can use. they're not going to rush to their cyberpunk van to run brute force attacks against your home server before you have time to get home and reset your credentials
>>
File: 1724201477614931.jpg (30 KB, 310x310)
>>102109018
Are you a targeted individual to worry about this?
There are two types of people that will steal your phone: "vibrant youths" and glowniggers.
The former cannot hack, don't know what RDP is, much less use it to hack into your server, and will only be able to sell your phone for spare parts because they cannot bypass activation lock.
The latter can do anything, up to and including poisoning supply chains and upstream attacks, stealing encryption keys, etc.
If you're targeted by "vibrant youths," you should move someplace safe; if you're targeted by glowniggers you should get off the internet entirely. In neither case will some setting in your VPN save you.
>>
>>102107129
you should always install openwrt on every consumer WAP

>>102109018
why is your password so short it can be brute forced?
>>
>>102109198
Yeah, that's probably true
>>102109237
> Are you a targeted individual to worry about this? There are two types of people that will steal your phone: "vibrant youths" and glowniggers.
No, to both types of people
>>102109338
How long does it need to be? It's not really that short
>>
I have this problem where I'm getting DNS leaks with my wireguard VPN turned on. here's what happens:
>start computer, connects via VPN
>no DNS leaks
>stop and restart VPN
>starts getting DNS leaks
I run unbound on my OPNSense router. my expected behavior is:
>unbound DNS when not using VPN
>my VPN provider's DNS, fully tunneled, when using the VPN
resolv.conf is showing the proper DNS server for my VPN provider, but I'm not sure why DNS queries would be going through unbound when resolv.conf says otherwise. any ideas on how to troubleshoot this?
I use dhcpcd for network if that helps
>>
>>102108890
>>102109001
I'm sure that makes sense but I'm still clueless. What's an example of a situation where I might buy and install a router because I'm clueless but then realize that I'm a retard and what I really needed was a managed switch? Or vice versa.
>>
>>102109366
8 characters might as well be plaintext, 12 characters is safe, 16 if your threat profile includes targeted attacks from state actors, 20 is schizo.
>>
>>102109672
It's longer than 20 for me
>>
>>102109800
When I set up a photo sharing webpage for my mom and dad, I made the password 30 characters long. If they copy + paste it doesn't matter how long it is.
>>
>>102109430
oh man. I've been banging my head against this one for a week now and I just narrowed it down to firefox. when it's open and I turn my VPN off and on, it starts leaking. but if I close FF and reopen it, no leaks
god dammit mozilla
>>
>>102109898
Does it happen with chromium?
>>
>>102109942
just tested it and nope, doesn't appear to happen on chromium. Just FF
I wonder what could be causing this
>>
>>102109990
I wonder if FF hardcodes some DNS queries.
How are you confirming that the DNS is leaking in the first place?
>>
>>102109990
i noticed that too a while ago.
try out librewolf instead of mainline firefox and see if that changes.
i have a sneaking suspicion that some of the firefox telemetry is quite aggressively relying on some dns stuff.
>>
>>102110026
I'm using a couple online tools to do it. I'm getting the expected results on both of them for both FF and chromium
https://ipleak.net/
https://www.dnsleaktest.com/
>>102110049
man, I used arkenfox to try and rip all that shit out. but that would definitely be a possible explanation
>>
>>102108339
I can totally complain about glowies if there is nothing in my contract that says I have to supply power to glowies without my consent. Don't normalize these scams by acquiescing to them.

Again, I can buy a housefire SB8200 modem for $100 but I am still out $820 over 24 months versus just dunking on some lying Jeets over the phone.

Seems like an easy choice. I think you need the psychiatrist buddy. I'm sure you wouldn't be cool with a Dell Poweredge server using your power to supply the neighborhood with cell phone coverage without your consent or contract right to do so.
>>
the browser shouldn't be allowed to use the non-wireguard connection
that's the only way of making sure nothing gets leaked
>>
>>102110070
>arkenfox
i think some of the telemetry stuff cant be directly turned off via just a userjs nowadays.
its deeper rooted and hidden behind non obvious config files and probably also tied to core functions of the browser.
pretty sure main firefox is as bad as google chrome.
>>
>>102110115
definitely shouldn't, but it is. just the DNS though. so weird
>>102110118
I'm starting to lean in that direction. I might try out librewolf in a bit. kinda feels like a cop out but what can ya do
>>
File: images.jpg (4 KB, 225x225)
>>102108131
The FCC / US government is pretty strict about band permissions due to all kinds of reasons. The world largely has used this template to bring you the modern communications devices today.

Some of the old routers had 1ghz outputs, but largely have gone extinct due to lack of clients who use it. Same thing for the MIMU standard where Apple (rightly) said its not worth the MUCH higher power usage on their devices to enable this format for the benefits it gets. Wifi6 iphone pros can easily get over +1GBPS connection speeds without MIMU so it makes sense. Lord knows what wifi7 will do when enough clients are using it.

The general tradeoff with wireless frequencies is that you get more bandwidth (more data speeds) with higher frequencies (5,6ghz) than you do with lower 2.4ghz(less data speeds). But you inversely get worse coverage per AP with higher frequencies. You see this with AM versus FM radio as AM works well enough in rural areas but sounds like shit compared to FM.

That said, the new access points are pretty fucking amazing right now. I have an EAP-683UR serving my whole house (3,000 SF, brick / concrete house) wifi 6 mounted in the top floor hallway with only the bottom basement corners forced to use 2.4ghz band. It's using the proven Asus router AX6000 chip / antenna setup to do so. According to my switch it's only using 7-10w to do so via POE with around 15-20 active wireless clients. $150 well spent.
>>
>>102108131
There's no spectrum set aside for WiFi, so it has to use bands that are assigned as trashcans for stuff like microwaves that emit electromagnetic radiation as a side effect.
>>
>>102108435
>after the fuck up they did.
What fuckup?
>>
Not exactly a server question, but since you guys are probably the only people on the board with more than the most cursory understanding of networking, here goes:

Right now I'm piggybacking off my neighbor's internet with a wifi bridge. It's working sort of okay but it has problems occasionally and the current setup is an absolute mess with 5 routers in series up to my computer. I'm working on unfucking it and I'd like to get it down to 1 router, but I'm not sure how to get rid of the wireless bridges. I've read that MoCA is good for runs up to 1000', but apparently common RG6 cable is only good for 150' runs, and I'm not sure how well chink MoCA adapters will deal with long distances even with gucci cable. What hardware do I need to make this happen? Or is it a fool's errand and I'll end up spending $1000 just to get a less reliable connection than my current wifi setup?
>>
>>102110789
Are you talking about the link between you and your neighbor? If you can run a coax cable, why not run Ethernet? If there are no obstructions you could also try a directional wifi link, i have used the Ubiquiti nanobeam ac gen2 on plenty of outdoor locations and it is very reliable, although it doesn't have a lot of bandwidth. I have also used the gocoax 2.5G moca adapters on some shorter runs (about 15 - 25 Meters) and they reached about 2Gbit/s. I think it was lcd 95 cable
>>
>>102111087
Is it possible to do an 800' run of ethernet? Everything I've seen says 100m max.
>>
>>102110789
Not sure about the setup here but if running a cable is an option just go with ye ol' faithful weather resistant plastic tubes shielding optical fibre. That would get you multiple km range if you'd need it and no repeaters or other bullshit necessary.
>>
>>102111128
That's nearly triple the distance recommended for max ethernet run.
Why not fiber?
>>
>>102110118
>>102110049
update: tried with librewolf. same thing, leaks when I disconnect and reconnect
I'm very surprised that chromium doesn't have this issue. it's gotta be some problem in firefox somewhere
maybe I should submit a bug report or something. never done that though
>>
>>102110789
>800'
can i ask why youre sharing an internet connection? is it just for splitting the bill? or is it because you dont have a connection to your house?
>>
>>102111180
>>102111219
I'm not sure why I didn't think of that, it seems obvious now.

https://www.amazon.com/dp/B003AVRLZI
https://www.amazon.com/dp/B0CYGFFB7B
Is this all I would need?
>>
>>102105294
anyone?
>>
>>102111280
It hurts enough paying Elon $120/month for 70 mbps. If we were to get a second one I'd still connect the fuckers together to try and get halfway decent speed.
>>
>>102111311
I think for that TP-Link converter you need the OM3 cable not OS2 but other than that yeah.
>>
>>102111384
so the situation is that you and your neighbor are sharing a starlink? rough. 70mbps could be a lot worse tho, especially if it's symmetric (google tells me it's not, double rough).
you can't run 800' of passive ethernet.
>>102111311
this is probably your best bet.
>>
>>102111311
This should be all you need yes. Depending on your conditions definitely consider what >>102111180 said about weather resistant shielding. I haven't used SX fiber before but i see no reason why they wouldn't work. You need to make sure that your transceiver and cable are the same type though. For that distance om3 multi mode should suffice.
>>
>>102111311
you need multimode fiber (om2,om3)
and a shovel
>>
File: chink.png (358 KB, 808x937)
Just ordered one of these n100 mini-pc to migrate mi jellyfin server, wish me luck
>>
>>102111311
>>102111487
https://www.amazon.com/dp/B003CFATKQ
thats what you want if you were going to use that single mode fiber
>>
>>102111311
Unless you need ultralow latencies, I'd recommend this. I installed these at my father-in-law's farm to check on his baby calves without leaving the house.

In my homework, a lot of people use these for use-cases like yours (jewing your ISP in rural environments)

https://www.amazon.com/TP-Link-EAP211-Bridge-KIT-Wireless-Integrated/dp/B0CX85WC61?source=ps-sl-shoppingads-lpcontext&ref_=fplfs&smid=A24J5XI5TU8T5O&th=1

I can attest these worked 100% fantastic for high resolution 24/7 video, although it was around 500ft location to location. These are different from typical wifi mesh extenders in that they are directional and not radially amplified.

I'd try this before you dig up 800' of trench. Also one thing to know about fiber optic that if some yahoo trenches through it and breaks it, its SIGNIFICANTLY harder to repair than coax / cat45.
>>
>>102111553
>n100 mini-pc to migrate mi jellyfin server, wish me luck

>>102087392
>i226-V NICs are not suitable for servers
>>
File: me.jpg (59 KB, 640x384)
thinking of building my own budget home media server.
are build questions acceptable here or more for /pcbg/?
>>
>>102111606
I'm currently using a B85M-G R2.0 for my "server", I don't think it will be worse than that
>>
>>102111654
go ahead anon, just beware of the enterpriseschizo
dont buy remanufactured chink mobos
>>
File: build.jpg (133 KB, 1194x744)
>>102111771
found a bunch of parts I can easily get used on Ebay. Was hoping to get it in a compact form factor.
R8, h8 and/or call me a faggot.
>dont buy remanufactured chink mobos
good thing gigabyte is Taiwanese ha ha..
>>
>>102111606
>>102111714
Ok I read a lot about the i226-v issues and it looks like people using low-end cables and using the 2.5gb mode get drops but using 1gbps mode (router only supports that) and quality cables resolves the issue.
Will test when chinkshit arrives
>>
>>102111850
get v4's at least, v3's are really shit and v4's dont cost anything extra really
>>
File: wishmeluck.jpg (54 KB, 640x480)
>>102111921
thanks fren
>>
>>102111771
>just beware of the enterpriseschizo

CATTLE NOT PETS
>Anon, I don't need to orchestrate 5,000 servers, I just want to host jellyf-
NOT RHEL, DOESN'T EXIST
>I spent $25 for an old workst-
YOU PURCHASED EWASTE

He's hilarious
>>
Anybody have any experience trying to get Jellyfin to downmix Dolby 7.1 to stereo? For some reason, despite setting that as the max allowed audio channels for my profile, it still wouldn't downmix, so my TV has no sound as it was just the 2 top channels and the rest are cut off.
>>
>>102111439
It gets about 70 down, 50 up at the starlink. I used to have 250/5 when I was living in town, which I would greatly prefer. It was half the price, too.

>>102111420
>>102111487
>>102111560
I'm reading the wiki page for the standards and I'm not entirely clear on what I want here. The multimode fiber setup is more expensive, but it sounds like 1000BASE-LX with single mode fiber is actually good for a significantly greater distance? Both would cover me, but is there a reason I'd want multimode?

>>102111589
I have basically the same setup, Ubiquiti Nanostation M2. My problem is just that every time I have some sort of dumb network problem, it's a pain in the ass having to figure out where it's even at. Is it my wifi router up here? Is it the nanostation up here? Is it the one down the hill? Is it the router that's set up in client mode because the piece of shit starlink doesn't come with an ethernet port? Is it the starlink router?

My goal is to get down to 1 router between my PC and the starlink. There's a cable that lets you add an ethernet port between the starlink dish and router, I'll put the starlink router into gateway mode and plug in the router down the hill, then fiber straight from that to my PC, then get a wireless card to be the wifi AP up here.
>>
>>102109622
The typical way to put it is if you don't know why you would buy a managed switch, you don't need one.
Honestly, for most people an unmanaged switch works just fine.
>>
do you guys do network-wide encrypted dns? if so what is your solution
>>
>>102111850
find a supermicro 1151 board with a nvme slot and IPMI
get a used 250GB samsung enterprise nvme ssd for the base OS
avoid the fag case, you dont need a $150 pc case, put that money towards motherboard + xeon + ram + whatever sata hard drive
>>
so I was looking for UPSes for my NAS and router, and I've been eyeing the APC BR1200SI because I can get it for a decent price. Documentation says it outputs a sinewave on battery (I assume simulated), so will it work with my APFC PSU without issue?
>>
>>102111850
It might actually be cheaper to get a 2000-series Xeon and ECC memory. I picked up 128 GB of DDR3 1866 for $50. The CPUs are usually cheaper, too. Motherboard might be slightly more expensive since you need a (probably new) chink LGA 2011 motherboard instead of something used, but they're still only $50-70.
>>
>>102112174
I guess I don't have experience with Starlink like you do. In either event, the fiber optic cable will be the best long term route, but trenching 800ft will be a big lift. I also don't see how it gets around the problem of a network issue at the wifi repeater near the starlink. Whatevs, you do you. I just can't fathom doing 2-3 weekends of backbreaking labor in world record setting heat to save on $120/month internet service. Just take my money Elon.
>>
>>102112579
It's an excuse to put the chainsaw on the tractor, that's worth it all by itself. This thing here solves the wifi client next to the starlink, it will become the wifi AP and the starlink will get set to gateway mode. It's in the mail already.
>>
How the fuck do I set up a wireguard server? No matter what I try I can't connect to anything once I connect to it
>>
>>102112725
Sounds like you had it all figured out all along. Were we here just to reassure you on your decisions bro?
>>
>>102112278
dnsmasq with dnssec + doh on the router. Everything downstream from there is unencrypted.
>>
>>102112439
yes

>>102112492
do not buy chink motherboards without a lot of prior research
the cheap ones last <3 months.

>>102112174
>is there a reason I'd want multimode?
it's generally cheaper and less fragile.
>>
>>102112807
No, you were here to answer my questions about the best way to run a wired connection 800', which other people did and I'm grateful for.
>>
>>102112802
Are you trying to send all your outbound traffic through the tunnel? First check if your client is actually connected. Run
wg show
on the server, it should tell you when your client last connected to it. If that works, then you probably aren't forwarding packets correctly. Given that you said you can't connect to anything i assume that you have already properly set the allowed IPs to all. You also need to configure the server and maybe your firewall to allow forwarding.
>>
>>102113007
/diy/ wouldve been better anon
though i suppose you'd have to wait til next month for a reply
>>
File: Capture.png (416 KB, 896x734)
>>102111850
I think zen3 Ryzen is a better fit for you. Better performance and cheap to find. Most parts can be had super cheap even in the wastelands of Bongistan. It's hard to use pcpartpicker to get server parts, so I made a pic.

CPU $140
MB $70
Memory $100 (ECC)
PSU $90 (titanium - will last a long time)
SSD $60
HDD ($6.66 / TB - 12tb seems to be the sweet spot)

With this you get 24 lane, pro CPU with APU and ECC support. SSD has dram which is good for a server OS drive. A power sipping PSU with high efficiency (Corsair RM550x is best in class but unavailable new). Memory is a QVL on this board for ECC ram udimm at a good price.

You're looking at a very future proof zen3, low power server that works in linux, windows, etc. The MB is well built, well reviewed and gets support from MSI for a itx size. The best selling b550 at microcenter by far.

You don't get IPMI but that's the tradeoff. CPU / board idles under 10w, even less with a good PSU.
>>
>>102109622
You'd get a router if you needed a separate network. If you see no point in having another network, you obviously don't need a router.
You'd get a switch if you wanted to expand an existing network. And if there's any complexity in the network architecture, you'd need a managed switch for those complex aspects. If it's a basic network, you could go with a basic unmanaged switch.
>>102112174
>Both would cover me, but is there a reason I'd want multimode?
If you wanted to stick a high rate (over 10G) of data through the link, MM would be useful. For example, in your "local" network and the core switches. But for your use case, single mode makes more sense as it is much better for greater distances.
For example, the MM converter listed in >>102111311 only supports a fiber link of up to 550M or 220M, depending on the type of fiber used. A SM converter, like the one listed in >>102111560 can have fiber links up to 15KM.
And you need to remember, that when switching from a LOS solution to a cabled one, the link length can't be transferred 1:1, you always need some sort of buffer. Whether you dig it into the ground or deploy it on trees or other higher objects, there's no avoiding the extra length.
But before you go figuring out the route with the least amount of obstacles (roots, rocks, undesirable soil, etc.), consider making the rest of the network more reliable.
For example, your earlier complaints about questioning the local Wi-Fi router? Running cables for the devices connected to it.
Or the part about network problems? Reconfigure the network so that you're not behind 7 NAT and can actually test how your connection is going through. Like making each router use its own address range, and having other networks than the basic 192.168.0.0/24, stuff like that.
>>102112802
Are you testing it from your local network? Have you set up NAT hairpinning? If not, then it's obviously not going to work. Either set up NAT hairpinning, or test it with a phone or hotspot.
>>
>>102106836
Shouldn't have given yourself an option for
>some other horrible shit

>>102107813
Could you imagine them dropping support for your raid controller?

>>102108544
A router makes subnets and assigns IPs to the networks it is managing. Also firewall. Clients on different subnets can not normally find each other without knowing the other exists and how to get there.
Managed switch makes vlans to restrict where routing is allowed to go. This might prevent a wifi client or that suspicious $10 security camera you bought on temu from finding your stash of terrarium schematics.
>>
>>102113012
I've set allowed IPs to 0.0.0.0/0. I've also opened the port wireguard is using in my router. I'm not sure how to specifically check if it's open, but all my other services' open ports were set up the same way and work fine
>>102113025
I was testing it through the local network, but it behaves the same on mobile data. I'll look into hairpinning
>>
>>102113024
>You don't get IPMI but thats the tradeoff.
Would it be worth it to look into alternatives like blikvm or pikvm if I went the AMD route?
>>
File: 20220913_180725.jpg (977 KB, 3456x3456)
I made a file hosting website recently and it got a few bots uploading empty, 0B sized files. They were of every extension type, but only by file name. Their content type headers were "octet-stream". I changed the minimum file size to 1 KB and they reacted by somehow upping their file upload sizes to 1 KB. They uploaded 4.5k files in 2 hours.

You gotta wonder why the hell people create bots like this.

I've countered this by rate limiting endpoints, and added a Geo-IP whitelist to Nginx. We'll see how far this gets me. So far so good, but if this fails, I will have to look at proof of work, or a Cloudflare sort of service.

It really makes you wonder how much of Discord, Google, etc.'s storage is pure, rotten trash?
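The two countermeasures described above (a minimum size that the bots immediately padded past, then per-client rate limiting) can be combined with a content check so that padded junk is rejected on its own merits rather than by size alone. The following is an added example written for this thread, not the poster's site, any framework's code, or nginx configuration: the magic-byte table, the 95% NUL-padding threshold, the bucket parameters and the sample uploads are all constructed for illustration.

```python
"""Screen uploads: throttle per client IP, then reject empty, NUL-padded,
or mislabelled bodies. Added example; all values below are constructed."""

# Constructed signature table: leading bytes expected for a given extension.
# Extend as needed; unknown extensions are not checked against magic bytes.
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
    "zip": b"PK\x03\x04",
}
MIN_SIZE = 1024          # same 1 KB floor the post mentions
PADDING_RATIO = 0.95     # constructed: >95% NUL bytes is treated as filler


def classify_upload(filename, body):
    """Return 'ok' or a short rejection reason for one upload body."""
    if len(body) < MIN_SIZE:
        return "too_small"
    # bytes.count(0) counts NUL bytes; a body that is almost all NUL is padding
    if body.count(0) / len(body) > PADDING_RATIO:
        return "padding"
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    signature = MAGIC.get(ext)
    if signature is not None and not body.startswith(signature):
        return "magic_mismatch"
    return "ok"


class TokenBucket:
    """Per-IP token bucket: `rate` tokens per second refill, `burst` capacity.
    Time is passed in explicitly so the behaviour is deterministic."""

    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.burst = float(burst)
        self.state = {}  # ip -> (tokens, last_seen_timestamp)

    def allow(self, ip, now):
        tokens, last = self.state.get(ip, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self.state[ip] = (tokens - 1.0, now)
            return True
        self.state[ip] = (tokens, now)
        return False


def screen(bucket, ip, filename, body, now):
    """Rate limit first so junk attempts still consume the client's budget,
    then inspect the body. Returns the decision string."""
    if not bucket.allow(ip, now):
        return "rate_limited"
    return classify_upload(filename, body)


# Constructed sample traffic resembling the bot behaviour described above:
# many extensions by name only, bodies empty or padded to exactly 1 KB.
SAMPLE_UPLOADS = [
    ("198.51.100.7", "report.pdf", b"\x00" * 1024),
    ("198.51.100.7", "photo.jpg", b""),
    ("198.51.100.7", "archive.zip", b"B" * 1500),
    ("203.0.113.9", "cat.png", b"\x89PNG\r\n\x1a\n" + b"A" * 2000),
]


def run_sample(bucket=None, now=0.0):
    bucket = bucket or TokenBucket(rate=1.0, burst=5)
    return [screen(bucket, ip, name, body, now) for ip, name, body in SAMPLE_UPLOADS]


if __name__ == "__main__":
    for (ip, name, _), decision in zip(SAMPLE_UPLOADS, run_sample()):
        print(f"{ip:15} {name:12} -> {decision}")
```

Ordering matters here: the bucket is charged before the body is inspected, so a bot that uploads thousands of rejected files still exhausts its budget, which is what a rate limit at the web server layer also does.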
>>
File: file.png (4 KB, 494x45)
>>102113367
see if you can ping the server IP (over the tunnel, using the wg address) while connected. if you can't, you aren't actually connected.
or if you're on windows ui, you should see a non-zero download transfer; if the tunnel is enabled but there's no download, then you're not actually connected.
in either case, it's either an issue with your network firewall, or an issue with the client config (e.g. the endpoint is set to domain.local, but the DNS is tunneled through wireguard, so it will enable the tunnel but then not be able to resolve the hostname).
if you really are connected, the issue is with the packet forwarding on the server; post your server config.
>>
>>102113524
With pinging I can send packets to my server, but I don't receive any back
>>
>>102113367
>I was testing it through the local network, but it behaves the same on mobile data.
Which means that the issue is somewhere else, not about lacking hairpinning.
What does your local setup look like? Router>Another machine with WG installation, or something more complex?
Can you even connect to the WG instance, or does activating the tunnel fail before a connection forms?
If there are multiple networks involved, do all the routers involved have the proper routes set up?
If the tunnel is active, how are you testing the connection? Pinging an IP, are there holes in the firewalls? Pinging a hostname, does it resolve to a proper IP?
>>102113555
A single Wireguard peer, or multiple? If multiple, what does the list of allowed addresses (on both sides) look like? Are multiple peers active at the same time?
>>
Any recommendations for a 1U JBOD?
>>
>>102113555
so not connected. if you're on LAN and can't ping it, it's probably a firewall issue. figure it out yourself or describe (sketch would be nice) your network topology.
>>
>>102113555
if you run `wg show` do you see `latest handshake`? how does the value behave?
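Reading the handshake line by eye works for one peer; for a server with several, the machine-readable form `wg show <iface> dump` (tab-separated, handshake as a Unix timestamp, 0 for never) is easier to check. The following is an added example, not part of the thread or of the WireGuard project: the sample dump text, key placeholders, addresses and the 180-second "stale" threshold (a heuristic; WireGuard only renews the handshake while traffic or keepalives flow) are constructed here.

```python
"""Parse `wg show <iface> dump` and classify each peer's last handshake.
Added example with constructed sample output; keys are placeholders."""
import time

STALE_AFTER = 180  # seconds; constructed heuristic, see lead-in


def parse_wg_dump(text):
    """First line: private key, public key, listen port, fwmark.
    Each further line: public key, preshared key, endpoint, allowed IPs,
    latest handshake (unix seconds, 0 = never), rx bytes, tx bytes,
    persistent keepalive ('off' or seconds)."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    _priv, pub, port, fwmark = lines[0].split("\t")
    iface = {"public_key": pub, "listen_port": int(port), "fwmark": fwmark}
    peers = []
    for line in lines[1:]:
        f = line.split("\t")
        peers.append({
            "public_key": f[0],
            "endpoint": None if f[2] == "(none)" else f[2],
            "allowed_ips": f[3].split(","),
            "latest_handshake": int(f[4]),
            "rx": int(f[5]),
            "tx": int(f[6]),
            "keepalive": None if f[7] == "off" else int(f[7]),
        })
    return iface, peers


def handshake_report(text, now=None, stale_after=STALE_AFTER):
    """Map each peer's first allowed range to (status, hint).
    status is 'ok', 'stale' or 'never'."""
    now = time.time() if now is None else now
    _, peers = parse_wg_dump(text)
    report = {}
    for p in peers:
        if p["latest_handshake"] == 0:
            status = "never"
            hint = ("no handshake ever completed: check the UDP port forward and host "
                    "firewall on the server, and the Endpoint/keys on the client")
        elif now - p["latest_handshake"] > stale_after:
            status = "stale"
            hint = "last handshake is old: peer idle, roamed, or keepalive not set"
        else:
            status = "ok"
            hint = ("tunnel is up; if traffic still fails, look at forwarding/NAT "
                    "on the server rather than at the connection")
        if status == "never" and p["endpoint"] is None:
            hint += " (server has never seen a packet from this peer)"
        report[p["allowed_ips"][0]] = (status, hint)
    return report


def sample_dump(now):
    """Constructed dump resembling a server with three peers."""
    return (
        "SERVER_PRIV_PLACEHOLDER\tSERVER_PUB_PLACEHOLDER\t51820\toff\n"
        f"PEER_A_PUB_PLACEHOLDER\t(none)\t203.0.113.10:41641\t10.10.10.2/32\t{now - 60}\t1024\t2048\toff\n"
        f"PEER_B_PUB_PLACEHOLDER\t(none)\t(none)\t10.10.10.3/32\t0\t0\t0\t25\n"
        f"PEER_C_PUB_PLACEHOLDER\t(none)\t198.51.100.4:51820\t10.10.10.4/32\t{now - 600}\t512\t512\toff\n"
    )


if __name__ == "__main__":
    # Real use: text = subprocess.check_output(["wg", "show", "wg0", "dump"], text=True)
    t = int(time.time())
    for rng, (status, hint) in handshake_report(sample_dump(t), now=t).items():
        print(f"{rng:16} {status:6} {hint}")
```

The "never" case with no endpoint is the situation the thread reaches a few posts later: the server has not received a single packet from the peer, so the problem is in front of WireGuard (port forward, host firewall), not in its forwarding rules.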
>>
>>102113449
Did you link your file hosting service in this or the previous thread?
I know some anons are malicious and do this just to fuck with people. A bot like that would be very easy to write or adapt some skiddie method.
>>
>>102113588
What does your local setup look like?
Just a router that my server is connected to. I will mention that I'm using yunohost, if that affects anything.
>Can you even connect to the WG instance
I thought I could but actually I don't think I can. wg show doesn't list a latest handshake time.
>>102113604
I'm not sure if this is what you want, but my local network is just a router and everything else connects to it. I don't have a complex setup. If you meant something else let me know, I'm dogshit when it comes to networking stuff (evidently)
>>
>>102113816
Quick update, I did manage to get a handshake at least.
>>
>>102113816
so the traffic goes as client -> router -> yunohost -> wireguard vm, correct?
check the router, yunohost, and the vm to see which one is blocking the incoming traffic (or, possibly, which one is blocking the servers outgoing traffic, though thats less likely).
>>102113850
are you able to proxy through the VM now? if not, post server config.
>>
>>102113850
Check your server is configured for ip forwarding (in general)
> cat /proc/sys/net/ipv4/ip_forward
should return 1
Configure your host to perform NAT forwarding on traffic that comes in the wireguard interface, this will vary depending on your configuration but if you're using iptables could look something like this
> iptables -t nat -A POSTROUTING -s 10.200.200.0/24 -o eth0 -j MASQUERADE
>>
>>102113604
Not necessarily, wireguard connection could be up but it's easy to (mis)configure on either or both sides.

>>102113367
What do you have as allowed-ips on the router side? It can't be 0.0.0.0/0 unless adding allowed IPs to routing table is explicitly disabled. On the router side each peer should have the remote wireguard interface IP/32 in allowed IPs so OS and Wireguard know where to route traffic for that peer.
>>
>>102113908
>Not necessarily, wireguard connection could be up but it's easy to (mis)configure on either or both sides.
oh yea youre right
>>
File: file.png (61 KB, 483x699)
>>102113869
Yunohost doesn't use VMs as far as I know, so it's just client->router->yunohost/wireguard server
I got the handshake working because turns out I had to add it in yunohost's firewall settings. Now that it's properly open I can connect to wireguard, I just can't connect to anything else via wireguard.
>>102113905
ip_forward is 1, and the server has a post up script:
iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp3s0 -j MASQUERADE; ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -A FORWARD -o %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o enp3s0 -j MASQUERADE; ip link set multicast on dev %i

And post down script
iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp3s0 -j MASQUERADE; ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -D FORWARD -o %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o enp3s0 -j MASQUERADE

Which I'm guessing covers that, but maybe not; again, I'm not good at this.
>>102113908
The allowed IPs are 0.0.0.0/0, but the allocated IP isn't, if that's what you mean. Maybe this configuration is wrong too, I dunno.
Also the empty endpoint field doesn't mean it doesn't have an endpoint, I thought that too initially but it just means it uses the default endpoint, I found out by checking my client's settings.
>>
>>102113990
Firewall rules look OK at a skim.
Keys / port forward / external firewall are good or you wouldn't see handshake.
As the other anon mentioned you don't want 0.0.0.0/0 on your server side.

I don't know what this UI is but if you can dump the actual wg conf files for server and client (with keys redacted) that would help us target the issue.

Basically in your server config you should have a something/32 interface address and each peer should have a single ip in AllowedIPs

On your client side you have a something/32 interface address and 0.0.0.0/0 allowed IPs

That's for the most simple case which is "when vpn connected push all traffic through the server"
>>
>>102114098
I think this is the config file you're looking for
# This file was generated using wireguard-ui (https://github.com/ngoduykhanh/wireguard-ui)
# Please don't modify it manually, otherwise your change might get replaced.

# Address updated at: 2024-08-27 22:23:47.274486356 +0000 UTC
# Private Key updated at: 2024-08-27 20:43:28.342435059 +0000 UTC
[Interface]
Address = 10.10.10.0/24,::/0
ListenPort = 8096
PrivateKey = REDACTED
MTU = 1450
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp3s0 -j MASQUERADE; ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -A FORWARD -o %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o enp3s0 -j MASQUERADE; ip link set multicast on dev %i
PreDown =
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp3s0 -j MASQUERADE; ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -D FORWARD -o %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o enp3s0 -j MASQUERADE
Table = auto


# ID: cr74qe6dsjjc35q9hnu0
# Name: Test
# Email:
# Telegram:
# Created at: 2024-08-27 22:03:36.691819928 +0000 UTC
# Update at: 2024-08-27 22:24:02.476572055 +0000 UTC
[Peer]
PublicKey = REDACTED
PresharedKey = REDACTED
AllowedIPs = 10.10.10.1/32
PersistentKeepalive = 15
>>
>>102114160
Also ignore the ::/0 address, I accidentally added that and then removed it later
>>
>>102114160
looks OK to me, can you dump a client conf as well?
>>
File: file.png (82 KB, 1827x143)
>>102114160
a bit of a long shot, but is your LAN on 10.10.10.0/24 as well? because whatever tutorial i copy/pasted when i was doing this claimed that the peer subnet had to be different from the LAN subnet. not sure why, maybe it's for DHCP reasons.
>>
>>102114193
[Interface]
Address = 10.10.10.1/32
PrivateKey = REDACTED
MTU = 1450

[Peer]
PublicKey = REDACTED
PresharedKey = REDACTED
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = SERVER_IP:8096
PersistentKeepalive = 15

SERVER_IP is just the IP of my server
>>
>>102114234
It's not that sadly
>>
>>102113765
yes, I posted it on /g/. It's helped me harden it. Now I don't feel like I'll get caught with my pants down in a month from now
>>
>>102114236
oh fuck, you can set an MTU in wireguard? that's cool, thanks for the tip.

mine looks like this.

[Interface]
PrivateKey = key
ListenPort = port
Address = 10.40.50.60/24
DNS = 10.40.40.5

[Peer]
PublicKey = pub
AllowedIPs = 10.40.40.0/24, 10.40.50.0/24
Endpoint = server:port


try changing the address of your client interface to a /24 subnet.
>>
>>102114236
Looks OK too
i'm back to suspecting the firewall rules, can you run this
> sudo iptables --list -v
>>
>>102114341
Too big to fit in a post
https://files.catbox.moe/wdu17i.txt
>>
>>102114314
Tried setting it to /24 but it didn't work still
>>
>>102114234
>not sure why, maybe its for DHCP reasons.
There's no DHCP involved, all the WG devices get their IP manually. Routing is a likelier cause. The WG interface is just another networking interface. To make things easier to manage, each interface should be on its own network for a router (or on the device doing the routing).
Consider the routing table. If you have a 192.168.1.0/24 network behind one particular interface (LAN), what happens when you have a second interface (Wireguard) in that same space? The packets go towards the first one depending on priority. Unless you've bridged the interfaces in some way, if both the LAN and WG network share the same space, packets destined to the WG space will all be directed to the LAN interface. This is a bad thing, for anyone who doesn't understand routing.
>>102114236
Replace the "server side" interface address with 10.10.10.1/24, and the "client side" interface address with 10.10.10.2/24.
This of course comes with replacing the "server side" Peer AllowedIPs with 10.10.10.2/32 as well.
10.10.10.0/24 is a network address, it's not a valid address to use as a device address.
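A small linter for the conf mistakes this post and the earlier replies (>>102113908, >>102114098, >>102114234) point out: a network or broadcast address used as an interface address, 0.0.0.0/0 in a server-side peer, a peer whose AllowedIPs is the server's own address, and a tunnel prefix that overlaps the LAN. This is an added example, not code from the thread or from wireguard-ui; the two embedded confs are constructed from the values posted above, keys redacted.

```python
"""Lint a WireGuard conf for the pitfalls pointed out in this thread.
Added example, not from the thread or wireguard-ui; the sample confs are
constructed from the values posted above (keys redacted)."""
import ipaddress
from typing import Dict, List, Optional

# Constructed: server conf as first posted (Address is a network address).
SERVER_CONF = """[Interface]
Address = 10.10.10.0/24
ListenPort = 8096
PrivateKey = REDACTED
[Peer]
PublicKey = REDACTED
AllowedIPs = 10.10.10.1/32
"""
# Constructed: client conf as posted (full-tunnel AllowedIPs).
CLIENT_CONF = """[Interface]
Address = 10.10.10.1/32
PrivateKey = REDACTED
[Peer]
PublicKey = REDACTED
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = SERVER_IP:8096
"""


def parse_wg(text: str) -> Dict:
    """Minimal wg.conf parser: one [Interface] and any number of [Peer]s."""
    iface: Dict[str, str] = {}
    peers: List[Dict[str, str]] = []
    cur: Optional[Dict[str, str]] = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line == "[Interface]":
            cur = iface
        elif line == "[Peer]":
            cur = {}
            peers.append(cur)
        elif "=" in line and cur is not None:
            key, val = (part.strip() for part in line.split("=", 1))
            cur[key] = val
    return {"interface": iface, "peers": peers}


def _csv(value: str) -> List[str]:
    return [v.strip() for v in value.split(",") if v.strip()]


def lint(text: str, role: str, lan: Optional[str] = None) -> List[str]:
    """Return finding codes for a conf used as 'server' or 'client';
    lan is the LAN prefix the host sits on, to detect tunnel/LAN overlap."""
    conf = parse_wg(text)
    findings: List[str] = []
    self_ips = set()
    for addr in _csv(conf["interface"].get("Address", "")):
        itf = ipaddress.ip_interface(addr)
        net = itf.network
        self_ips.add(itf.ip)
        # A network or broadcast address (.0 / .255 on a /24) is not a host.
        if net.prefixlen < net.max_prefixlen and itf.ip in (
                net.network_address, net.broadcast_address):
            findings.append(f"ADDR_NOT_HOST:{addr}")
        # Tunnel and LAN sharing a prefix means routing picks one interface.
        if lan and net.overlaps(ipaddress.ip_network(lan, strict=False)):
            findings.append(f"TUNNEL_OVERLAPS_LAN:{addr}")
    if role != "server":
        return findings  # a full-tunnel client legitimately has 0.0.0.0/0
    for n, peer in enumerate(conf["peers"]):
        for allowed in _csv(peer.get("AllowedIPs", "")):
            a = ipaddress.ip_network(allowed, strict=False)
            if a.prefixlen == 0:
                # 0.0.0.0/0 on the server side sends *all* traffic to this peer.
                findings.append(f"SERVER_PEER_CATCHALL:peer{n}")
            elif a.num_addresses == 1 and a.network_address in self_ips:
                # The peer's tunnel address must differ from the server's own.
                findings.append(f"PEER_ALLOWED_IS_SELF:peer{n}:{allowed}")
            elif a.prefixlen < a.max_prefixlen:
                # Only right when another routable network sits behind the peer.
                findings.append(f"SERVER_PEER_NETWORK:peer{n}:{allowed}")
    return findings
```

Running lint(SERVER_CONF, "server") flags the 10.10.10.0/24 interface address; changing it to 10.10.10.1/24 then flags the peer at 10.10.10.1/32 as the server's own address, and only 10.10.10.2/32 comes back clean.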
>>
Is an Intel Xeon 1620 v3 enough to run a handful of VMs in Proxmox? Specifically a Win10, OMV, Jellyfin and a torrent VM?
I could buy a Xeon 2690 v4 but I have to pay taxes and shipping and duties fees to get it here.
>>
>>102114425
>Routing is a likelier cause.
oh i see, ty anon <3
>>
>>102114399
I've set up a few wg servers in my time and you've got me stumped. I'm sure it'll turn out to be something really obvious!
>>
>>102114434
>can i run four operating systems on a decade old quad core
yes
>>
>>102114534
I hope so. For now I'm tired and it's late so I'm just going to go to sleep and try to unfuck this tomorrow.
>>102114425
Changed it to 10.10.10.1/24 and it doesn't change anything, but I guess it's probably better in some way.
>>
>>102087392
Lightweight solutions to Nextcloud? Is this a thing?
>>
File: DxePkytVAAAb61H.jpg (18 KB, 326x326)
>>102113415
pls I need to know
>>
>>102114619
depends,
how experienced are you,
do you expect to access the server beyond OS level remote access often
can you give it a keyboard and monitor
can you temporarily give it a keyboard and monitor if and when you need to

in my estimation IPMI or KVM/IP are nice-to-haves. Sure I'd like them, but there are better places I can spend my money.
>>
>>102114572
https://github.com/lsyncd/lsyncd
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/robocopy

or you can just use network shares. I switched to SMB after I got fed up with Nextcloud shitting the bed every time I ran "git clone cpython". Never looked back.
>>
>>102114572
Nextcloud can do a lot, what features do you want? if it's just file sync look at syncthing
>>
>>102114709
File sync with a non-bloated server, and a non-bloated client app that generates GB of logs all the time, is one. Second, I guess, is a calendar solution. It's alright if they're separate. Open source would be nice.
>>
File: 888.jpg (67 KB, 1024x768)
>>102114665
>in my estimation IPMI or KVM/IP are nice to haves. Sure i'd like them but there are better places i can spend my money.
fair enough, thanks again /hsg/ frens.
>>
>>102114788
i can't speak for calendar, but for sure check out syncthing. don't even need a server for it, lightweight, easily runs on e.g. mobile, open source, optional NAT hole punching and relay
>>
>>102114537
I can't tell if you're being sarcastic.
>>
>>102110234
I have 3 of these and they're all dogshit. Not only does the range suck, but also some features like a mesh network are gated off behind their "omada" cloud niggerliciousness. should've returned them when I had the chance.
>>
>>102107597
check out medusa, same thing as sonarr in concept, but it allows you to adjust search parameters n stuff. So for my instance I use sonarr for TV shows and medusa for anime since names can be funky and can specify a release group
>>
>>102099635
>jackett
I switched this shit out as soon as I discovered Prowlarr, because it autoconfigs the indexer for you in the appropriate *arr service once you add it.
Compare that to having to manually take it from Jackett, go to your *arr, and add it manually.
>>
>>102099713
Oh good, I'm not the only one noticing this. I managed to only a few books and then realized search was absolutely busted, only to find that the api.book.club is basically defunct.
>>
>>102106683
>Another e-waste setup here.
Jelly? It's probably just 2 or 3 used towers tied together with Kubernetes
>>
File: images.jpg (9 KB, 262x192)
>>102114665
This. OP here. A lot of people here like to larp and spend other people's money on equipment they've never used themselves.

IPMI is great for people who need remote access for critical uptime systems. Updating BIOS without system interrupts. It's great.

However, a home NAS is not a critical uptime system in 99% of use cases. Need to update a BIOS to patch a security update? Turn off the fucking server at night when your family is asleep to do the update.

The other argument is you buy enterprise shit to practice at home for that big sysadmin career that will show up some day. That might happen too. However, I believe that any anon who is smart enough to make it here to hsg could learn everything there is to know about the Lenovo, Supermicro, ASRock Rack, HP and Dell PowerEdge IPMI user interfaces in a weekend if they had to. It doesn't require investing in a fucking 10-year-old loud, housefire-inefficient system to do so either.

The last point is that people hate on AMD because Intel is the proven standard in the server community. I'll just repeat the old adage in finance: "prior performance doesn't guarantee future returns". This is especially true now that Intel has clearly approached the Enron "Loot the Treasury" stage of corporate incompetence. Pic related.

AMD's leadership is clearly future-looking and merit-based (CEO didn't get there because she wore tight black turtlenecks showing off her tits) and their stock price proves it. AM4 (the system I recommended) is probably the most proven and successful CPU platform in the past 20 years, easy. The i5-2500k meme is just that.

Call me a shill, whatever. The fact that AMD is the ONLY supplier right now in the server market that can provide (1) ECC RAM support, (2) low idle power draw, (3) an onboard APU with (4) a low-cost motherboard platform means it's ideal for home server / NAS use.
>>
>>102115014
You have 3 of the UR683s? Not one of the shittier models? Yes, it does require Omada software, but virtually all the server OSes have it as an easy-to-use application to manage.

Not going to lie, but I looked into it and Ubiquiti needs controller software for mesh too.

I'm not brand loyal to TP-Link. What AP would you recommend? I'm not buying some Fortinet Mist access point to pay out the ass in cloud licenses because of some gay Gartner chart, bro. I'll tell you that.
>>
what's the deal with /hsg/ and calling things e-waste? if people are using it then it's not waste.
>>
>>102116237
no its a poweredge
>>
Was looking at what kind of rack I want for my network, but I've managed to find a 15U rack with a KVM console mounted for <$200 locally. Assuming it doesn't get scooped up by payday, I'm going to message the seller
>>
In the scenario of assembling a small NAS for a gigabit LAN with a write-once/read-rarely workload for archiving media (generally 1 user at a time), built with an ITX mobo that (including boot devices) has either a max of eight SATA drives + four PCIe Gen3x4 drives vs. four SATA and five PCIe 3x4 drives (ideally crammed into a Fractal Node 304), and given a cap of 64GB ECC RAM how would you plot out your storage vdevs?

Truenas is kind of overwhelming because so much can go wrong for your setup to run into performance issues, and you have to plan everything ahead of time and all the individual parts cost a ton of money.
>>
>>102118037
>with a write-once/read-rarely
I have something similar and I think that ZFS is overkill for this. Just use OMV with mergerfs and snapraid.
It's what I used to do before using Proxmox and installing OMV as a VM instead. OMV can't really run VMs so I had to leave it but I liked snapraid so much I stuck with it using OMV as the VM instead.
https://www.youtube.com/watch?v=Y3yF1Rsu7ow
This was a guide I followed when setting mine up.
>>
>>102102606
>I told my family, my sister is sifting through all the old pics right now and I'm gonna show my mom tomorrow.
Based
>>102112025
Client support is still iffy in jellyfin, perhaps try Plex and see how it downmixes on your TV. I'm assuming you already looked at the downmix settings on client and server. Jellyfin's downmixing to stereo works on the clients I use it for. If you're running an Android TV client consider an external player.
>>102112278
AdGuard home. DNS over tls for anything going to WAN, everything on LAN is unencrypted.
>>102116609
Pretty sure it's 1 anon.
>>
>>102112025
>>102118256
agree with this anon, jellyfin clients are dogshit. but instead of trying plex, which is gay, use kodi as a client and use jellyfin for kodi to import your library. you'll have to install 1 plug-in to jellyfin to sync watch status, I forget the name but it's really obvious iirc, like jellyfin-kodi-syncwatchstatus. also, is it transcoding to something like ac3 or whatever? I dunno how that works because I have jellyfin set up to always play everything direct 99% of the time, except in rare situations when it plays to TVs I don't use terribly often. but keep in mind, if it's downmixing the channels without changing from dolby and your hardware can't play back dolby, you'll get silence and need an external player like that anon said. but I don't know if this makes sense, or if jellyfin can even strip channels out of a dolby track vs just transcoding it, which basically anything should be able to play.
and also I use adguard home in a similar setup, can recommend, works well
>>
>>102117164
nice, can I have the KVM console?
>>
File: Visual example.png (48 KB, 988x381)
>>102114554
Returning to this. >>102113588 has some questions about networks and routes.
Since you were previously using a network address as a host address, I'm guessing you aren't that familiar with networking in general. Now that you've fixed the network address being used, it would be wise to verify your local networking.
You have two different networks in use, right? A 10.10.10.0/24 for Wireguard, and another (something in the 10.0.0.0/8 range, or just the basic 192.168.0.0/24?) network used by the router, correct? And those two networks are different, meaning that only one of them is using 10.10.10.0/24, right?
If they are, does your router know where to send the packets destined for the Wireguard network? Is there a route in place? Basically, this image.
The green scribble is how it's supposed to work. Your router gets packets at its external address with the Wireguard port, and it forwards them to the Yunohost IP. And since you want access to other devices on the local network, the router also needs to know where to forward packets destined for the Wireguard Network (10.10.10.0/24 in this case), which the router knows (or should, at least) is behind the Yunohost address.
The red scribble is what happens when routing and forwarding aren't set up correctly. An incoming packet hits the external address, but if there's no port forwarding, the router just drops the packet.
Or the yellow scribble, if the packet is properly forwarded, and a tunnel is made, but a route for the Wireguard Network is missing. If the router doesn't know where that network is to route packets destined to that network, they're getting lost. Which means the WG client isn't receiving anything.
>>102116609
Recycled/refurbished/reused e-waste doesn't change what it previously was. Or what it's going to be in the future. It's also much shorter, as opposed to "refurbished electronic devices". And can't forget the linguistic intricacies; I assume that there are more ESLs than EFLs.
>>
>>102120047
>You have two different networks in use, right?
Yeah, my standard one is the 192.168.0.0/24 one
>does your router know where to send the packets destined for the Wireguard network?
Well I'm able to ping the server and get a response, and wireguard sees it as a handshake, so I'm guessing that means it's reaching it. I can also send packets to any other address, but I don't get the reply back. So I'm guessing the issue is either responses not arriving somehow, or wireguard not knowing how to forward packets forward, so they just reach wireguard and stop
>>
File: Visual example 2.png (22 KB, 1066x485)
>>102120105
My Wireguard is running on RouterOS, an older MikroTik that also does Wi-Fi. The GW router is an Ubiquiti that didn't want to do Wireguard that much, but that's not important.
But compared to the Yunohost setup, it's not that different. Here's how it looks visually.
The Gateway Router has two static routes added, the Second Network, as well as the Wireguard Network. And the second router (or your Yunohost) has a default route with the Gateway Router.
There's actually a lot more configured (like additional WG interfaces for some peers), but this is the most basic example that you can learn from. And the main thing to focus on is the existence of an additional network (the Wireguard Network).
Just like you would add static routes on the routers to achieve connection between the two networks, you should also ensure that your Gateway Router has a static route for the Wireguard Network, with a destination of the Yunohost address.
The Yunohost already knows where packets destined to the Local Network (your 192.168.0.0/24) should go (your Gateway Router), and where packets destined to the Wireguard Network (10.10.10.0/24) should go (the Wireguard interface).
But your Router only knows where the packets destined to the Local Network should go (its local interface), it has no idea what to do with packets destined to the Wireguard Network.
So go to your router, and add a static route. The route being 10.10.10.0/24, and the next hop or destination (depending on how your configuration interface looks like) would be the Yunohost IP in the local network (192.168.0.whatever).
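The routing-table lookup behind this post, and behind >>102114425's point about a LAN and tunnel sharing a prefix, as an added example that is not from the thread: a longest-prefix-match table built from the prefixes posted (192.168.0.0/24 LAN, 10.10.10.0/24 tunnel), with 192.168.0.10 as a constructed placeholder for the Yunohost box's LAN address and the interface names chosen for illustration.

```python
"""Longest-prefix-match lookup for the routing tables described above.
Added example, not from the thread. Prefixes are the ones posted
(192.168.0.0/24 LAN, 10.10.10.0/24 tunnel); 192.168.0.10 is a constructed
placeholder for the Yunohost box's LAN address."""
import ipaddress
from typing import List, Optional, Tuple

Route = Tuple[str, str, int]  # (prefix, next hop or egress interface, metric)


def lookup(table: List[Route], dst: str) -> Optional[str]:
    """Most specific matching route wins; ties go to the lower metric, then
    to table order (the "priority" the earlier post refers to)."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, via, metric in table:
        net = ipaddress.ip_network(prefix, strict=False)
        if ip in net:
            key = (-net.prefixlen, metric)
            if best is None or key < best[0]:
                best = (key, via)
    return None if best is None else best[1]


def path(hops: List[Tuple[str, List[Route]]], dst: str) -> List[str]:
    """Follow dst through a chain of (router name, table); a 'via <ip>' hop
    hands the packet to the next router, anything else is the egress."""
    trail: List[str] = []
    for name, table in hops:
        via = lookup(table, dst)
        trail.append(f"{name}:{via}")
        if via is None or not via.startswith("via "):
            break
    return trail


# Gateway router as it starts: LAN directly attached, everything else to WAN.
GATEWAY: List[Route] = [("192.168.0.0/24", "lan0", 0), ("0.0.0.0/0", "wan0", 0)]
# The same router after the static route the post describes is added.
GATEWAY_FIXED: List[Route] = GATEWAY + [("10.10.10.0/24", "via 192.168.0.10", 0)]
# The Yunohost box: tunnel on wg0, LAN on eth0, default via the gateway.
YUNOHOST: List[Route] = [("10.10.10.0/24", "wg0", 0), ("192.168.0.0/24", "eth0", 0),
                         ("0.0.0.0/0", "via 192.168.0.1", 0)]
# The earlier mistake: LAN and tunnel both numbered 10.10.10.0/24 on one box.
OVERLAP: List[Route] = [("10.10.10.0/24", "eth0", 0), ("10.10.10.0/24", "wg0", 0)]

if __name__ == "__main__":
    for table in (GATEWAY, GATEWAY_FIXED):
        print(path([("gateway", table), ("yunohost", YUNOHOST)], "10.10.10.1"))
    print(lookup(OVERLAP, "10.10.10.1"))
```

Without the static route a packet for 10.10.10.1 matches only the default route and leaves via wan0 (the yellow scribble); with it, the gateway hands it to 192.168.0.10 and the Yunohost table sends it out wg0. In the overlap table the two /24s tie, so the first entry wins and tunnel-bound packets go out the LAN interface.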
>>
>>102120105
>>102120228
I think this anon is trying to help you set up a configuration in which your wireguard clients are bridged onto your physical network in their own subnet.
It's not clear to me that's what you want - i think it would be helpful to start from scratch by describing in English what you want to achieve.
If what you want to do is run a service on a box, have clients connect to that service and have their traffic routed through it, then the approach you were taking before should in principle work fine (including having a /24 address in your server side wg.conf; i have one working just like it): you run wireguard, do a bit of config on your server, clients are NATd and you don't need to modify your router at all.
this will work well if you want to
- tunnel internet traffic through your server when you're outside your network
- access internal services
it won't work so well (will require more configuration) if you want devices on your LAN to be able to reach services hosted by your wireguard clients.
Either approach can work, but don't get caught halfway between both
>>
>>102120370
>you don't need to modify your router at all
beyond a port forward like you have for your other services*
>>
>>102120370
Yes, avoiding NAT and having a routable network is indeed one of the aspects in the end result of what I'm proposing.
But if having more than one NAT is not an issue, then it can be done in an alternative way.
>(including having a /24 address in your server side wg.conf - i have one working just like it)
However, it's important to note which ones and where. A VALID /24 as a client address or interface address, yes, that's going to work just fine. But as an allowed IP or address, only when you'd have another network behind that WG Peer.
But a Network or Broadcast address (first and last IP, .0 and .255 with a /24 mask) as a client or interface, that's different, and functionality is no longer guaranteed. You'd only use a network address (like 10.10.10.0/24) as an allowed IP/address if you had another routable network behind that Wireguard peer.
>>
>>102120228
>>102120370
It works now. I don't know why. I uninstalled and reinstalled the wireguard package for yunohost, fucked around with ports for a bit and it wasn't working. Then on suggestion of some online guide I tried running tcpdump and listening in on traffic for the port. And then somehow it started working. It still doesn't work if I'm connected to my local network, but that's a much nicer problem to have than not being able to connect from any network. If I'm on mobile data I can reach it with my phone now.
Thanks to everyone that tried to guide a retard like me through this.
>>
>>102120711
you should just use https://github.com/angristan/wireguard-install
>>
Can you run ECC on a Ryzen 5500 and does the ASUS B350M-A boot without GPU?

I have a 4350G "Pro" that I'm looking to upgrade. 4650G and similar are absolutely overpriced and hard to obtain. The 5500 would be a lovely Cezanne with likely even less power draw and efficiency. Or would you go 5600 (UV + Underclock)?

The server was running on my old B550 "gaming" board that I'm looking to sell right now in hope of improved efficiency and money. The server runs idle most of the time, just TrueNAS and several ubuntu server VMs. I have 32 GB ECC DDR4 but wonder if I even need ECC, because I don't see why I should pay 150-200 € for a shitty old Renoir CPU that I could get an entire laptop with the same CPU for.
>>
i think I'm gonna run opnsense bare metal with a vlan switch
my head is beginning to hurt with my vm routing
>>
>>102121483
I did similar. I want my router and firewall to be simple and rock solid regardless of what fucking around I'm doing
>>
>>102087392
Is there a reason anons here virtualize everything? It's definitely not more stable (unless you care about host stability more than VM stability), and I doubt anyone here uses live migrations to avoid downtime.
>>
>>102121671
I don't know, maybe because it's easier to play around and break things since everything is contained. Or just because it's fun.
The last time I did VMs is when I bought a primergy rx300, but I don't regularly use it anymore since it idles at 100W. I think for most people containerization is more convenient than virtualization. Personally I run everything I can bare metal (with nixos) and have like 3 docker containers
>>
>>102121671
>>102121799
I'd echo this anon, my own journey started with VMs - it's a super easy concept to grasp but I rarely use them any more.
>>
>>102121671
as opposed to running bare metal?
shutting down all resources of a service by turning off a machine is simpler than running N commands
being aware of how much resources a service is using is useful information.
having backups of the entire state required for a service to run means you can restore specifically that service at the exact state you want with no hassle at all
>>
>>102121671
sometimes I just want to spin some shit up and not have to mess around with a bunch of new hardware to support it
for example the other day I built an SSH jumphost for sharing files between my LAN and a segregated VLAN. all it has to do is accept SSH connections and store small files. so I spun up debian in proxmox and set the VLAN, created the VLAN on my switch/router, and firewalled to deny outbound connections. werks gr8
I'm going to build a domain controller in it too so I can mess around with active directory. VMs are great for testing because when I inevitably fuck something up, I can just restore from a snapshot or build it again from scratch
proxmox VMs also help me free up ports on my switch too, so that's a bonus
there's a lot of reasons
>>
>>102121182
No idea about the board, but the CPU will not. It needs a Pro or "X" in the name, i.e. 5650G Pro or 5600X.
>>
>>102121966
>>102121876
>>102121819
>>102121799
>>102121483

new thread you guys:

>>102122157

>>102122157

>>102122157
>>
>>102122158
ty baker anon
>>
>>102121671
I don't want to buy a mac but basically need one to backup my family's ios devices as far as I can figure. Will need to setup a mac vm.
>>
>>102109338
>you should always install openwrt on every consumer WAP
i have two unifi u6pros, they're pretty good. i would install openwrt on them if i could.
i know you could install a custom firmware on older models but the new ones use some sort of signature to prevent that.
>>
>>102108087
checkmk is one of the greatest for monitoring.


