are you ready for a No NAT November bros

nix completely replaces docker
dockertroons BTFO

File: 41+cqx4lrkL._SS284_.jpg (9 KB, 284x284)

9 KB JPG

Could have sworn some anon wanted to know how much these tiny switches consume
With 2 10G-SR transceivers, 3 gigabit devices and 1 2.5gb device. It's 5W exact.
Feels surprisingly warm for only 5w, had mine for a year already

Can I just jam some 2.5 inch sata ssds into my sas back plane? They don't fit the trays, but they also don't weight anything.

>>107047472
>>107047544
I don't usually come to these threads but I really like the sound of no NAT november

I want to cut costs on ai tools so thinking of making a homelab for n8n automation and generative text and images. Can someone point me in the general direction or even give some pointers?

From the research I've done, it'd be best to get a used workstation and throw in something like a rte 3060, to use for anything generative.

For the n8n server, something like a R210 II would be fine and I can just get a $10 server cabinet from marketplace?

File: shopping.jpg (33 KB, 584x567)

33 KB JPG

>>107049648
If you have one lying around try it. Should be fine. If your worried then you could get some of those adapter trays. Uf you don't wanna buy those then maybe some jerry rigged foam? You could probably make it work anon

Can I do it for like $200 bucks? Like a shitty nas setup with 4tb?

>>107047472
>No NAT November
My ISP wants me to jump through so many goddamn hoops to get around their double NAT situation. Makes me real suspicious...

>>107049980
Just get a used think center on eBay and an ssd.

>>107047472
>>107047544
>>107049697
>>107049992
NAT did nothing wrong

>>107049648
I read ass thought you were trying to smuggle them through airport

>>107051073
Guys have you upgraded your servers to an ASS backplane yet?

after a year I randomly decided to try adguard home instead of pihole and this shit just feels much faster and has access to useful toggles
even the ui doesn't look so wooden

How would I redirect hardcoded dns if my tv uses 8.8.8.8 for example?

>>107052520
If you're running opnsense as you should just hijack 8.8.8.8 9.9.9.9 1.1.1.1 and other common DNS IPs and redirect them to your own DNS, filter from there.

>>107047544
sadly, my IPS forces me to NAT

File: 1759200370009139.jpg (227 KB, 1200x1313)

227 KB JPG

>>107052520
>How would I redirect hardcoded dns
Source interface: All, Destination interface: WAN, Source IP: All, Destination IP: GoogleDNS (8.8.8.8,8.8.4.4), Service: DNS (TCP 53, 5353, 853), Action: Block

And if your firewall/router supports it, you can simply redirect all traffic going to 8.8.8.8 to the DNS provider of your choice.

just bought a minipc, installed debian headless and plugged it into tailnet. Put in rtorrent and syncthing for now. Kinda excited at finally having my own linux server.

>>107052749
This. I use opnsense and I do this.

I followed this to a letter.

https://forum.opnsense.org/index.php?topic=9245.0

The only exception, is created an Alias of my phone / laptop that I want to be able to bypass my DNS filters on Adguard.

Works solid. Realized how persistent my smart TV is truck to escape the cuckbox. 25k+ DNS blocks every 8 hours just for one TV. Crazy

>>107053398
my first server is and was truenas. But seeing as how truenas is almost fuilly linux based now on latest versions, I will probably go full linux next....

just tried latest KDE' s remote desktop feature, it's fucking amazing, fully accelerated

>>107053398
it is kino but at some point you realize you need to plug the hdds in somewhere

any bazarr users here? does it not support the ability to embed subtitles into the containers?

are ASn ranges reliable for securing access with firewall or do these change with time? thought about this because I have dynamic ip and want to allow ssh only for my ips

>>107054728
remember that time the indians nuked the internet by stealing cloudflare's asn?

File: monkey.jpg (24 KB, 600x497)

24 KB JPG

want to install proxmox on a pc i have lying around. eventually and if i like this homelab shit i want to buy a dedicated nas and media server, but for now i will just lift some virtual machines or containers inside proxmox to setup jellyfin, some torrent client and even my own gitlab repo. how easy will it be to make that switch? (from virtual to actual physical machines and proxmox still managing everything), and is it better to modularize everything? like jellyfin on its own container, qbittorrent on another container, etc

>>107054926
proxmox is for tards. just use a server distro.

can i unplug the fan on my PoE netgear 24 port switch? i don't use the PoE and it's fucking loud.

>>107047472
NAKADASHl marin-chan

Would recreating my zfs pool and use 128K file size instead of 1M be worth it? >>107045374

>>107052520
>>107052609
>>107052749
>>107054387
Why not redirect all DNS requests? Port forward all DNS (53) traffic not going to LAN address to 127.0.0.1 (for Unbound on OPNsense).

>>107057778
Nvm, last post did exactly that.

>>107054387
>25k+ DNS blocks every 8 hours just for one TV. Crazy
Reminds me of that time I hooked up a samsung tv to a pihole for shits and giggles and the request stream consistently overwhelmed the pi kek

I have had plex running on my gaming PC and its been working great

>upgrades to huge 4k toshiba w/ built in google
>replaces entire library with 4k content
>tv struggles to stream over local network
>galaxy S20 streams fine locally and even while im at work
>speed tests show tv is downloading 200mbps over internet (600mbps locally)

Where is the bottleneck, is it the TV's cpu or other hardware? Even accessing the files directly over network without the plex interface gives me buffering issues when trying to watch really high quality movies

Is tailscale running some guerilla marketing campaign on reddit? Why does everyone act like using a reverse proxy means you're instantly going to get raped and killed by Russian hackers?

>>107057778
A bit buzzed at the moment so this is going to be long and rambly.

>Would recreating my zfs pool and use 128K file size instead of 1M be worth it?
You can set recordsizes on a per dataset basis. Put your stuff in different datasets and adjust the properties accordingly. RAIDZ is always going to have low IOPs, but there are some workarounds, particularly if you have a few random extra drives lying around. Option 1 is to recreate your pool as a pair of 2 2way mirrors. This is the "simplest" solution, and you'll get a lot of additional IOPs over the raidz, at the expense of capacity.

The fancier approach is something of a "why not both" approach where you add metadata special devices on top of the existing raidz. Note that metadata specials do not *have* to be solid state drives, that's just the default in enterprise settings because the assumption is that anyone using metadata specials is probably running dozens and dozens of vdevs and actually needs the IOPS to function. (plus at that scale the price of SSDs is in single digit percentages of the rest of the pool hardware.) If you have a couple of spare 500gig or 1TB drives floating around, try adding them to your pool as a metadata special. Note that you CANNOT remove these later because you have a raidz vdev, but you CAN take a checkpoint before adding them (checkpoint is basically a snapshot for a pool), and if this doesn't do what you want you can rollback your whole pool.
>https://openzfs.github.io/openzfs-docs/man/8/zpool-checkpoint.8.html

Anyways, the trick here is that you can use the small blocks property on a dataset to force all the blocks on that dataset to be stored on the mirrored vdevs, which improves their IOPS over the raidz. This is true even if the special device is comprised of spinners. I've done this for a while to host VMs and lxcs that don't need "true" SSD performance as well as ones that write out asinine amounts of data semi regularly because it means I'm not wearing SSDs.

>>107057778
>>107059675
I maintain that it's worth having metadata specials in general when using RAIDZ because that lets the RAIDZ do what it's good at, large linear read/write operations, and leaves the chaotic metadata to a mirrored device. Again, that's an improvement, even on spinners. If you have SSDs and aren't concerned about the wear and tear, great. If you haver mechanicals and don't need the SSD performance, great. Up to you either way, but metadata specials are great.

Do note that you'll need to rewrite all the data on the pool to migrate the metadata to the special device. This can be done in place with zfs rewrite, but note that snapshots will remain where they are. rewriting is creating new blocks, so your utilization will skyrocket until those snapshots/checkpoints are pruned. If capacity is an issue, try doing some limited stuff with specials to see if it will work, then purge the checkpoint/all snapshots and rewrite the whole pool.

>zdb -LbbbA poolname
That command shows you a breakdown of your pool data currently. The row titled L1 shows you how much of your pool is metadata (hint it's going to be tiny, especially with large record sizes and no dedup). Most of the rest of your specials can be small blocks data, so any random small capacity disks will give you a fair amount of capacity until you start dealing with 100s of TB of large records, or 10s of TB of tiny records.

>Monero
Honestly not super familiar with the behavior of monero beyond that it's using LMDB under the hood, which can be absolutely fucking horrendous for pointless I/O spam. How much ram does your system have? If you have a lot you can probably brute force things to a degree because things will sit in cache and be fast to lookup. Internet says monero only writes about 1.5GB per day, so nothing crazy.

>>107057778
>>107059688
General performance tweaks. See properties here. https://openzfs.github.io/openzfs-docs/man/master/7/zfsprops.7.html
>redundant_metadata=some/most
This reduces the amount of metadata being paved out. If monero is storing stuff in a single file then these two are effectively equivalent. The general gist of this is that zfs by default paves out fully duplicated metadata on top of the vdev redundancy. A 2 way mirror will have 4 copies of all metadata by default, so you'd need a total drive failure + two URE events to lose some piece of data, which just isn't likely. Dialing back the amount of metadata can make you susceptible to dataloss with a drive failure and a URE, but for something like a crypto database that can rebuild itself this may not be critical, plus you can always have 2+ drive redundancy at the vdev layer (3+ way mirrors, raidz2/3), which means you need various combinations of multiple disk failure and UREs to lose anything.
>compression=lz4
zstd is great, but it's burning cpu time, and most crypto databases are largely uncompressible, so just stick with lz4. lz4 is the default so if you never changed that on a parent dataset it'll default to on=lz4. Maybe copy your database over to a different dataset with zstd to see if it compresses notably better with zstd, but I'd wager it won't. If it does compress better, that can improve your ARC hit rates which reduces disk I/O.

File: 1755024553714346.jpg (22 KB, 391x391)

22 KB JPG

>2 days to get journal forwarding correct from guests to host
>now realize it forwards EVERYTHING with no way of filtering
>rsyslog removed by default on debian 12
>installing it would make most shit start writing to /var/log again

>>107057778
>>107059688
>sync = disabled
Bad practice in general, but again, crypto databases can be regenerated, so loosing a bit of history if your system crashes isn't a big deal. Worst case it takes a few minutes more to resync than if you were properly flushing writes to disk. During the initial synchronization this probably saves a fair degree of disk I/O because you aren't paving out tons of nonsense to the intent log as you rebuild the database. I'm assuming that monero is "properly" calling for sync writes here for safety (as all databases generally should), so bypassnig this and letting things accumulate in ram before periodic flushes will save a lot of I/O.
>recordsize =???
Honesty not sure on this one. The internal data store of monero is 4k in size (sort of), but you're probably better off with larger record sizes. Some of this is going to be dependent on how much ram you have. If you have enough ram to hold a decent portion of the database in memory, then larger record sizes are effectively prefetches for the ARC, and while you will be amplifying writes with larger record sizes, any aggregations within the same block will reduce IOPs being flushed to disk. Normally on databases you want your recordsize to be 1, 2, or 4x the DB record size, but monero appears to be primarily random read when syncing, so maybe leaving it up in the 64 or 128k range makes sense. Note that you don't have to delete and recreate your database when changing this value. Any rewrites will update the record size of the rewritten block(s), and so it'll "correct" itself automatically over time. The only things that won't be updated are things that are never rewritten.

>>107047472
I dressed up my anime sex doll like Marin

>>107054387
>>107059723
>small_blocks=(large value)
Set this at or above your record size and everything on that dataset will be stored on your metadata mirror. Easily lets you segregate datasets between the slower RAIDZ and the special. For your torrent stuff, leave this off, or maybe set it to 16 or 32k so that random text files and shit live on the specials. For anything VM related you can leave data on specials. Note that currently zvols stay on the non-special vdevs, but there is a pull request to fix this. Your disk images should probably be qcows or some other file format if you want them to exist on specials for the time being. The pull request for this is below.
>https://github.com/openzfs/zfs/pull/14876

Some of the above are useful in general. Setting small block >= recordsize and redundant metadata reductions on your VM can substantially improve performance with shitty hardware. It's all about managing IOPS at the end of the day, and migrating them to devices better capable of handling and/or reducing them improve performance substantially.

>fin
Again, long and rambly. Probably be up for a few hours, but no idea if I'll be coherent enough to respond to questions tonight.

How loud are ThinkCenter’s? I am going to put one on my desk and use it as a server running it 24/7. I sleep 5ft away from it. Am I retarded?

>>107059639
i've noticed this as well, and i think you're even understating it. i dont know if it's fire from the mountain for retards who dont understand networking or if it's nationstate coded. the vitriol i've seen is suspicious at a bare minimum. it's worse than people shilling for sports teams.
so i started drilling into how the hell tailscale set up their infrastructure and why they are a freemium service and apparently they're heavily VC funded for some reason. there is no fucking way in hell that their premium subscriptions are funding all those DERP relays (which are an obvious MITM) and that amount of free bandwidth, let alone the hardware. it's just not possible. one of their VC partners is associated heavily with in-q-tel, but that's the most i could find about their structure that sounded off.

File: 1749297899534.jpg (356 KB, 1149x507)

356 KB JPG

>>107059639
>whoopsie your system got gaped, goy. dont worry it wont happen again, Tailscale is very secure we promise, just keep using it ok goy?

>>107062229
how does this happen

File: arr_drama.png (77 KB, 1720x313)

77 KB PNG

arr drama unfolding currently on discord

>>107062382
why is it always discord trannies
I feel that you had to think a second before posting shit when you used real forums

>>107062382
zamn nigga, just put the tvs and movies in the bag

>>107059586
Is the server (your gaming pc) connected to your router over wifi or over ethernet? How far is everything from your AP? Do you use 5ghz or 2.4ghz? Maybe try using a wifi analyzer to see if there is channel interference

File: nextcloud.jpg (216 KB, 1920x933)

216 KB JPG

i'm that anon who asks about proxmox in the past that don't want to uninstall windows 7 on my retro vidya machine, also the anon who own "allegedly stolen" netgear r7800 with openwrt.
i finally bite the bullet and install proxmox now serving my own nextcloud with 0 spending, thank god for reverse proxy.
also behind cgnat and still able to do everything for free kek

File: proxmox.jpg (397 KB, 1920x926)

397 KB JPG

>>107062827
*picrel

I have defeated opnsense and it's weird gateway behaviour!

>>107059586
What are you using to play movies on the TV? The tv apps are usually pretty shitty and just cause problems. You might need to get a fire tv stick/roku/chromecast/nvidia shield or something like that.

>>107062382
>giving a shit about what people say on discord
why even bother posting inane shit like this. how much time do you waste on discord to even find useless stuff like this

>>107059586
my bet is on TV hardware. I have never used Plex, so I don't know what your options are, but I'd try out different codecs and bitrates to get some idea. does 4k playback from USB stick work fine?

>>107057864
>>25k+ DNS blocks every 8 hours just for one TV. Crazy
>Reminds me of that time I hooked up a samsung tv to a pihole for shits and giggles and the re'

I read that opnsense doesn't use any CPU cycles for dropping rogue DNS request like this, but imagine having a whole house full of TV's like this phoning home? eventually the router would basically be DDOS'd to death?

>>107057791
Maybe there is a better way to do this, but this worked for me?

I also am old school in that I set my network up with physically separate LANs instead of VLAN's, so I police chink hardware spying on my internal subnets via firewall rules and not vlan rules.

Maybe I'm paranoid, but I trust firewall rules in opnsense better than VLAN rules even though at a code level they are probably the same.

This guy explains it well to a network retard like me.
https://www.youtube.com/watch?v=TjXkWSjYqlM

Is this the right thread to ask which 8tb external hdd I should get?
I wanted to get a WD mybook one but after I learned they use fucking hardware encryption I'm kinda turned off.

>>107064994
Buy a normal high capacity HDD. Then buy a USB enclosure.

Has anyone tried building their own server rack with aluminum extrusions as the frame?
I'm trying to find one that can fit flush under my desk but there's either a gap or it's too high.

With >10 year old laptops, why is it a dice roll whether or not replacing the HDD with an SSD will work? Is there some way to trick it into working? I installed OpenBSD to both the SSD and HDD from CD on the laptop, and only the HDD boots.

>>107065613
Get rack rails and mount them on some wood.

>>107065690
Is it a capacity issue? Many old systems can't support larger capacity drives.

Could also be a sector size issue. I've seen bioses that freak the fuck out at 4k sector drives, so they need to either be 512 or 512 emulation.

>>107065690
maybe incompatibility with SATA version (even though it supposedly is forwards and backwards compatible), so far all my old laptops worked fine (SATA1 host, SATA3 device).
>>107065851
Unlikely, by the time SATA1 was mainstream all devices supported 4k sectors

>>107065826
Honestly was my first idea. However buying wood is more expensive than buying the aluminum extrusions.

>>107065851
>>107065856
I'll try a smaller SSD, but trying to go into BIOS settings to check AHCI seems to freeze this Toshiba A120 Satellite. (And as this is /hsg/ you can say if that's dreadfully underpowered for a home server)

>>107066110
I ran a Pentium 4 2GB RAM home server for quite some time a few years ago so there's no really "underpowered" when it comes to serving, it just depends on your workload

File: seed.png (24 KB, 699x154)

24 KB PNG

>>107047472
I'm gonna do it bros

>>107065938
Depends on whether you want it to look decent. You can get 2x2s for very cheap. It's shit wood, but if you aren't trying to make it look pretty it's very cheap. If you want to do it out of white oak or something, yeah, that's going to cost actual money. On the other hand, you can do 1x2s or 1x3s or something like that and be fine. You don't need a full 2x4.

>>107047472
Hoardlet here. Can I get away with using WebDav instead of smb/samba? I'd prefer to only deal with one if possible. I'm on linux, and I've read samba is a pita to use/set up with linux, and is less secure and performant over the internet. On the other hand I've read WebDav isn't finicky like Samba and is more secure over the web, though slower on lan in comparison. Considering using rclone in either case since I've read the perform well with smb and webdav. My use case for the moment will probably only be lan file sharing/streaming, but I may want to remotely download files in the future. Thinking of just using jellyfin for the streaming. File transfers will probably mostly be handled by rsync. Not using nfs since it's poorly supported by android from what I can tell, and the pc I'm borrowing from a friend until I build my own in a few months is windows, though I might just buy an nvme and put linux on it since I will have to do it anyway when I build my pc.

>pita to use/setup
nope, i literally just setup a proxmox lxc for smb server with alpine templates and run these three commands
apk add samba
rc-service add samba default
vi /etc/samba/smb.conf (to serve the dir i want to serve)
and it's up and accessible from my windows machine

>>107068016
Thanks for your input. I remember reading about all these conflicts people would have with permissions since it's meant for windows not unix, among other things. Something else pushing me toward samba is that it seems like mounting webdav shares as network drives would involve FUSE, which makes it slower, less reliable, etc. Not sure how true that is though. Just to be clear, what I want to do is transfer files onto the windows desktop pc storage drive, then just share/stream the files to other devices like my android phone and linux laptop. I don't need/want them stored locally on the other devices.

>>107068190
>mounting webdav shares as network drives would involve FUSE, which makes it slower, less reliable, etc.
meant to also say "from what I've read" at the end. Don't know how true this is as I said.

>>107059767
>Again, long and rambly. Probably be up for a few hours, but no idea if I'll be coherent enough to respond to questions tonight.
Based. Enjoyable read, but this reaffirms my original suspicion that I should just upgrade the boot drive and use that for seeding and a monero node, and the pool just for media storage as was the intent when making it.

File: maxresdefault-3074654234.jpg (118 KB, 1280x720)

118 KB JPG

>>107067651
I might do this instead. I'm just worried that if I make a DIY rack that it can't support the gear and just collapse. Maybe I can forgo the rack rails (pic related) and just make some kind of shelf, but again, I am not a woodworker, I don't know what screws I need to support all my server stuff.

If I can stuff them in an Ikea Alex drawer then that's perfect. Since my desk is basically just a countertop with Alex drawers as the legs.
https://www.ikea.com/ca/en/p/alex-drawer-unit-on-casters-white-80485423/

File: 1751186753773970.png (60 KB, 725x598)

60 KB PNG

>>107066200
>::5eed:5eed:5eed:5eed
::feed:5eed:feed:5eed
::466f:726d:6572:6c79
::2043:6875:636b:2773

>>107069032
You don't need structural screws to support a home rack. You shouldn't use drywall screws, but any generic wood screw will do just fine. Even deck screws will be acceptable.

I have a proxmox server with one debian vm running just a samba server and other vm for docker for stuff like jellyfin. I noticed that the docker vm started acting weird, some docker services worked but others not, restarted the vm and now it gets stuck at a black screen with a _ blinking but it doesn't accept any input. I did see when booting up it was a problem with fstab, it said "checking was requested for, but it is not a device". I can access the samba shares from other devices so those are not the issue. I didn't make any changes or updated anything on this vm, any idea what might be the problem?

I've recently started buying some HDDs and I've been running badblocks to test them, I want to have a dedicated testing rig when I do them. Does badblocks need a decent CPU or RAM? Can I just buy some Dell mini PC on ebay and call it a day?

>>107070136
Literally any shitbox with sata ports can badblocks test a drive. A TI-83 could run badblocks because it was made to test floppies. Set the block size to something large so that it runs faster. 16M is 16777216, or go even larger. Honestly though, unless you're buying used drives of questionable provenance, I'd just do one pass with 0xaa or 0x55 and call it a day, or realistically, not even use bad blocks. Trudging through reading and writing a full 28 tb drive 4 times will take more or less a solid week. It's thorough, but it's a flawed test because bad blocks can't necessarily detect translation errors where the drive is writing or reading from the wrong sectors.

If you do want to test drives, make a zpool with default settings in an n-wide mirror. Pave out a few TB of random garbage (dev random or just copy over a bunch of blueray rips or something), and then scrub the pool. Sure, you're not hitting every single sector, but you are forcing the drive to actually do real 'work' as opposed to a benchmark. It's quite rare for a drive to misbehave in a way where splatting out a few TB of data and scrubbing it doesn't trigger an error, but bad blocks will.

As data density has increased, things have gotten smaller and smaller. When modern drives have platter failures, they tend to outright shit themselves these days. They might start generating read errors because of a bad head, but that doesn't care about where you're pulling data from. The failure case where you have random holes in your platters doesn't seem to happen much anymore. Besides, you should have some degree of redundancy in your RAID array to begin with, so even if you somehow get a drive that passes a basic zfs splat test but has minor issues, you can replace it later without running into issues.

>>107070411
Different anon here. Any thoughts on RAM testing? I currently do four passes on Memtest86 to do basic hardware validation and then a few hundred % on HCI MemTest with thread to worker distribution over the total capacity.

>>107065690
>dice roll
lol
the dogshit distro is a dice roll when it comes to hardware support, not the laptop itself
i can boot or install or swap debian and windowsXP/7/8/10 on any laptop made after 2002 with no issues

File: 1564643904219.jpg (193 KB, 900x900)

193 KB JPG

perhaps a strange question, but
if they're about the same price, would you get molex to 4 sata power breakout cables or molex to 5 sata power?
I always thought "floating pins" could cause some fuckery if you're only filling 4 interfaces of those 5 breakouts

>>107068190
yeah you do get permission error but i believe this is because i'm running lxc so i'm defaulted to root for everything
anyway i just did
adduser smbuser
smbpasswd -a smbuser
and chown the folder i want to share to that user and it's all good
if you want the smb server to be broadcasted(shows up on windows explorer networks) you should also install wsdd too,

>>107070960
They're all connected in parallel so as long as 1 connector is used none of them are actually floating, and even still it's just power so it doesn't matter.

What's a self hosted alternative to tubearchivist? I thought it was supposed to be this easy to use thing where I just point it at channels and it'll download things, but it's breaking every week and it'll stop downloading again. I'm missing some many lewd mmd dance videos fuck.

>>107065613
are you trying to cook yourself or something?

>>107070960
Get good ones, I fried a bunch of drives with these things.

>>107046629
you could also use the docker image which is actually just hydrus running in VNC. janky but it works.

>>107070517
Memory testing is faster than drives, and memory is more critical than drives, so I can understand people wanting to fully test it. That being said, if you're pressed for time, go straight to the hammer test in memtest. I haven't observed this happen with DDR5 yet, but I've seen dozens of DDR4 and DDR3 kits that will pass everything except the hammer test, and a few more that failed a few different tests including the hammer test. I have never seen a kit pass the hammer test and fail something else. It's possible conceptually, but the hammer test is brutal.

I do a full test pass overnight when building new systems, but if I'm just double checking stuff after a minor hardware change, I'll do a hammer test over lunch or something and call it a day.

>>107062827
>>107062879

Now let me change your life https://community-scripts.github.io/ProxmoxVE/

>>107047472
My wife Marin

Thinking of installing my NAS baremetal instead of inside Proxmox. Thoughts?
Pros:
Easier to manage since I don't have to fiddle inside Proxmox for drive passthrough and all that other shit. SMART monitoring actually works.

Cons:
Have to buy a new machine.

File: 1754764568438769.jpg (99 KB, 1200x804)

99 KB JPG

Posted on /sqg/, got no answer. Trying here:
So how does a VPN work? Like wireguard or something self-hosted like that? I understand what it does, but I don't understand how it does it.
>you're out and about
>connect to a certain address, on a certain port
>VPN picks up your connection
>now you're on your home LAN
>but you can still access the internet
So the connection comes in via the VPN, then goes out via your router to the wide web? Or does it only use the VPN to access stuff on your LAN and bypasses it when going out to the web? What's the deal with ports? If I can access the VPN from the net, why is it safer than opening your server to the internet without the VPN?

>>107075237
>why is it safer than opening your server to the internet without the VPN?
authentication

>>107075237
>So the connection comes in via the VPN, then goes out via your router to the wide web? Or does it only use the VPN to access stuff on your LAN and bypasses it when going out to the web?
depends how you set it up - both are possible.
>If I can access the VPN from the net, why is it safer than opening your server to the internet
Generally a smaller well tested attack surface like wireguard is considered safer than what may be lots of smaller niche projects directly exposed.

>>107075266
So far I'm trying to learn the basics of networking, not really caring for the services I'll be hosting in the future. I'm just trying to ssh remotely as a learning exercise.
If I were to not use a VPN, each individual service would be exposed independently to the web? Instead of just exposing the VPN, you say?
>wireguard
That itself would be one of those services I'd be hosting, right? If everything is conteinerised, how can that allow access to the other containers if it can't touch them? It goes via the LAN like this?
>connection comes in
>VPN's into LAN
>LAN's into other service
>response goes back the same way
Won't take make it slower? I don't care about movies so the only thing I'm planning on streaming is music (and books, but I think I'll just download those from my private cloud), will that impact performance for my application?
>>107075263
>authentication
What are some options I can set up for safety? ssh uses key pairs which seem quite secure to me, can I do the same with VPNs?
Once I set up the VPN and without exposing the other services, will they work straight away with the VPN as if I were accessing them via LAN or do I have to set them up to only accept access from my private IPs?

>Manage to get a USB wireless dongle to show in opnsense VM
>Interfaces: Wireless: Devices: ADD
>Parent Interface:
>Nothing
Alright, what other bullshit do I need to check to get this working? Not passing a hub, just the USB device directly, which opnsense console sees.
Unless it's better to have the host manage the wireless device and just pass an extra interface into opnsense? It's realtek so that's probably the quicker solution.

File: 1743993002873859.jpg (42 KB, 866x609)

42 KB JPG

>>107062382
w10 chads running 0 gay addons stay winning

>>107062382
I see my policy of avoiding any software where the devs have an active discord presence continues to pay off.

>>107073818
what can do with it? i mean i already used it to get rid of the nag, enlighten me.

>>107062382
I think I'm one of the few people that doesn't use *arr. I'm not a fan of automating my torrents, and I'm very picky on what to download. I always do it manually.

>>107076076
I recently got fiber and even more recently figured out how to route an entire VLAN through a wireguard tunnel to a VPS and port forward on that VPS so my rtorrents are connectable.
Now I have to manually readd thousands of torrents because last time I was massively active. utorrent 2.0.4 was the height of technology.
Fun times

>>107076272
>readd
See, that's different. If I ever need to readd torrents I use a script for it. I'm fine with that, I know what I torrented already.
Adding new ones is a different matter. With automation I don't know what it's adding, what quality it's in or if it has shit I want or don't want.

How does IPMI work? I plan on getting a cheap X10 Supermicro board but I don't plan on adding a GPU (for troubleshooting) on it. From what I read you can control the computer on another PC so you wouldn't need a keyboard and mouse. But how does video work? Does it send the video signal through the IPMI to my main PC and that's when it outputs it?

File: IPMI.png (126 KB, 1249x756)

126 KB PNG

>>107076628
>Does it send the video signal through the IPMI to my main PC and that's when it outputs it?
Pretty much, yeah. Most IPMI/Out-of-Band solutions provide some shitty ASPEED "GPU" for picture and
provide basic remote functionality to check hardware/power on/off, mount virtual media for install or just
remote control in case you fuck up. Ideally with a dedicated LAN port as well.

For Supermicro, I have some vague memories about them having some shitty licensing impacting...something.
That could be easily defeated via some script and the boards serial...

>>107076628
>>107076763
found it
https://github.com/manfromafar/supermicro-ipmi-keygen

>>107076938
Oh man, thank you.

>>107076763
For X10 boards specifically the licensing is for virtual media support.
I think for some boards it's also updating the BIOS but in general both are pretty useless unless you absolutely need to flash a BIOS
The virtual media also requires a working SMB server and there is zero feedback on why the hell it isn't working.

>>107047472
Where is this book/course? Can't find it.
(OP pic)

>>107076997
It's not real and you don't need a book https://gist.github.com/timothyham/dd003dbad5614b425a8325ec820fd785

File: 0_8qurAvTEPPXx34H4.png (42 KB, 829x721)

42 KB PNG

>>107047472
>Have a Home Desktop used as a server.
>2700X, Taichi x470
>Running XCP-NG
>2x16GB RAM
>Upgraded to 4x16GB sticks
>BIOS sees all sticks.
>Boot into XCP-NG only 32GB is usable

Any ideas why? If I turn off SR-IOV all 64GB is usable. But I need that shit for PCI passthrough

hurr durr so I own a domain, have a VPS (headscale installed), and am running a bunch of services locally in my home lab, but I still use IPs to access these services and have avoided TLS and shit, but I guess I want to be able to access my home lab from anywhere and maybe using my domain name with https of course yet avoid exposing services to the internet like a retard, and apparently I should maybe use a reverse proxy and I guess the VPS would work as a nice buffer between my home lab while hiding its public IP should I host some game servers or something I guess that'll need exposure. Also, some services should be accessible to members of my family too, maybe using Wireguard (to my opnsense router?), but in a secure way. I have vlans, so maybe I should isolate their access to a separate subnet this way for security too (should I do that for game servers too?) So what the fuck do I actually want here and how do I go about doing it?

I chose to go with diarrhea of thought for this post thanks for reading my blog.

>>107078906
Wireguard or OpenVPN comes on quite a lot of good routers. It's on ASUS routers and Ubiquiti, where you can just Wireguard into your home network really easily.

Yeah you'd be wanting to port forward or use NGINX. I didn't even learn how to use NGINX, AI can make the files for you within like 10 attempts and you'll never touch it again and just copy paste the templates so who cares. Just LLM the files.