>>108610550
why do people even post in these threads again?

>>108610565
Why do people even post on 4chan anymore with 30-60 second long hangs / timeouts every time you hit the post button?
>>108610392
There's a fork of it that's actively maintained:
https://hub.docker.com/r/nickfedor/watchtower

File: maxresdefault.jpg (93 KB, 1280x720)

93 KB JPG

Wendell here. I'm fat as shit. Come to my forum so we can gate keep expensive hardware. Also watch me and my dysgenic coworkers on our video cast. Fuck you.

>>108610575
>answering my question with a question
oh okay this thread is for clueless bumblefucks. got it.

File: 20240807_001718.jpg (33 KB, 718x862)

33 KB JPG

>>108610550
Yummy mama

>>108610614
Yeah, I've got nothing. Why are we here?

>>108608826
yes

>>108609147
>parity drive
oh i dont raid i just keep everything on one drive

>>108610550
Based OP.

File: Screenshot_20260329-18130(...).png (525 KB, 720x1604)

525 KB PNG

Imma post here and hope for answers otherwise I'll do a thread. I'm pissed off

I got an openwrt one router, reflashed everything, connected it, access the webui and my wan interfaces are red. It's switching from present to absent.

I have a modem from my ISP, nad just got this router to fuck the ISP router. But it won't get an up address.

I tried changing the brlan ip address in case the modem has the same one, not working

I tried spoofing the Mac from the wan device , mac of my old router it still won't work

I let it power cycle for like 4 or 5 mins it still doesn't fuckkng connect. My ISP does not have a Vlan id and it uses DHCP so this should work. Idk what to do anymore

>>108610745
is your wan and bridge-wan enabled?

>>108610745
>>108610762
you can also connect the wan to another router to see if dhcp works. if it doesn't then you know it's your config.

>>108610762
Do you mean if the interface is started or not? I restarted it it jumps between the state of present and absent yet the color stays red

>>108610772
Shortly before I had my original router in it and working, do u mean putting the wan in my original router and putting it on bridge mode to the openwrt one?
And if it works, I'd like to only use my openwrt router

>>108610745
I would investigate this properly with a mac-spoofed linux box connected to wan and wireshark/tcpdump to see exactly what happens.
Also what model is your old router? Are you sure it takes just plain dhcp to connect further to wan and not some pppoe link or some weird mtu setup and so on?
Any way to confirm the mac was spoofed correctly?

anyone here using ceph with a single node setup?

>>108610799
just connect the wan to a dhcp server and see if it grabs an IP.
if it does you know it's an upstream problem.
the bpi openwrt support is shit.

>>108610799
Do this:
>>108610954

This is literally all you need in /etc/config/network for a nice ISP (like I have) that does standard DHCP with no VLAN tags or PPPoE fuckery, etc:

config interface 'wan'
        option proto 'dhcp'
        option device 'eth0'

config interface 'wan6'
        option proto 'dhcpv6'
        option device 'eth0'
        option reqaddress 'try'
        option reqprefix '56'
        option norelease '1'

Also if you can SSH into it from the LAN then check the logs:

logread -e netifd
logread -e network
logread -e dhcp

Etc.

>>108610954
>>108610984
Actual fucking hero, i wish I could try it out rn but Im not home until later
Thx

>>108605058
use cli or SwOS then you homo

>>108610565
I have questions and a delusional hope that someone here will know more than a free tier AI model with web search, but they never do.

You know what grinds my gears? Having unlimited bandwidth but not being able to host anything because my ISP doesn't have any sort of port forwarding in the router they gave me, and because it's 5G Internet I'm locked to their router (though I have considered finding a PCIe WWAN card and seeing if I can talk my ISP into moving my SIM from eSIM to a physical module and slap it in my old home built 10Gbps router)

Maybe I'll try to find someone in customer care that's too stupid to know that the router ban doesn't apply to ones you already own, and convince them that I have a government job that requires me to be compliant with the ban so I HAVE to use my own modem/router that was assembled in the USA by me so there's no risks to national security?

It's either that or pay for a VPS so I can run a reverse proxy.

>>108611058
Also one more thing. Leave your router disconnected for a bit before you do this.

If your ISP is paranoid they may be tying auth to the old DHCP lease on your old router and then send a bunch of DHCP NACKS preventing you from connecting. If this is the situation (I encountered this before after doing a fresh OpenWRT install because the DUID that the DHCP client was sending was different) then it will fix itself eventually when the lease expires.

>>108610611
I once added this nigga to my pinchflat and forgot about for a year and that resulted in accidentally downloading 3tb of video podcasts

File: 5259911afa3f298f30c75bdc4(...).jpg (217 KB, 1491x2105)

217 KB JPG

>>108610550
I don't know if I'm just missing something obvious but after moving to Proxmox I cannot seem to get port forwarding working for the life of me. I've been troubleshooting this for hours.
VMs show up in OPNsense and the rules worked fine on bare metal, but after putting them on Proxmox everything is getting hit with a Default deny / state violation.

>>108610550
SAUCE

>>108610575
>Why do people even post on 4chan anymore with 30-60 second long hangs / timeouts every time you hit the post button?
It's more than here, cyber war is ongoing.

>>108611392
Reverse Image Search is your friend. But that is Dakoda Brooks.

>>108611251
Is OPNsense a VM on the Proxmox host?

>>108610575
>Why do people even post on 4chan anymore with 30-60 second long hangs / timeouts every time you hit the post button?

It's is not just here. Lot's of systems are being effected. You are just oblivious, it is a mix of cyber war and this

"The exploits it constructs are not just run-of-the-mill stack-smashing exploits (though as we’ll show, it can do those too). In one case, Mythos Preview wrote a web browser exploit that chained together four vulnerabilities, writing a complex JIT heap spray that escaped both renderer and OS sandboxes. It autonomously obtained local privilege escalation exploits on Linux and other operating systems by exploiting subtle race conditions and KASLR-bypasses. And it autonomously wrote a remote code execution exploit on FreeBSD’s NFS server that granted full root access to unauthenticated users by splitting a 20-gadget ROP chain over multiple packets."

If you don't have your offline LAN you are too late. I told you all there were race condition exploits in the linux kernel checked in by bad actors and you just would not listen. In two years the internets will be a smoking radioactive wasteland.

File: 1769254598104659.png (70 KB, 936x647)

70 KB PNG

>>108611416
This would never happen if 4chan deployed IPv6 already.

Reminder that Iran has no IPv6.

>>108611135
cloudflare tunnels is one popular solution. tailscale may have something.
great. now i'm getting cloudflare error pages inside the tiny little captcha box. what the hell. it'd be nice if the admins of this place talked to the users.

>>108611565
>it'd be nice if the admins of this place talked to the users.
Whenever they have the majority of users just wig out and start acting fools.
I would also like to know what is happening though.

>>108610575
thanks for this
I’ve been wondering about the flakiness and evidently it’s not just my computers with the 4chan pass

>>108611538
>has no IPv6
use case?

>>108612085
>Cuts off all bot attacks from the Middle East free of charge
>*Can't attack your site if they can't route traffic to ::/0*

>>108610550
sauce

I love you, /hsg/ anons.

File: 0330_02.png (981 KB, 1400x2000)

981 KB PNG

>>108610550
I find convertx to be a very useful service, purely for converting gifs that my phone has saved as mp4's back to gifs. There're a lot of websites that do this obviously, but this is much faster and it's nice to keep my media on my systems if I can.

It's the Tp-link Tl-sg2218p
A good switch for baby's first home server

is coffee good for you?

>>108612564
Probably. I have a T1700G-28TQ. TP-links software is shit hot garbage but it is cheap and good enough.

If I did things over today I'd probably buy Mikrotik, but this was the cheapest switch that let me build out a 10-gigabit network at the time.

>>108611445
No, it's on its own computer

>>108612564
yeah it works fine. No problems here

File: connectport.jpg (221 KB, 1440x1396)

221 KB JPG

>>108610575
I post funny stuff the for the agent filtering the posts to look at

Can anyone recommend a good transparent tls termination thingy? For my use case i have a server with a /112 prefix dedicated to podman containers. I want each container to have its own ip. Most of this stuff is http, so currently i am using haproxy in front with the x-forwarded-for bullshit, but ideally i want the tls termination to happen transparent to the container. My goal is really to make the entire connection chain as simple and end-to-end as possible, thats why each container gets its own ip. No SNI snooping or reading http headers.

File: 움짤320.gif (106 KB, 200x200)

106 KB GIF

What's a good option for a 2.5G PCIe Ethernet card?
It needs to be reliable and have working power management under Linux.

>>108611251
Never mind, I'm an idiot. It's been so long since I changed anything that I forgot that port forwarding and firewall rules are different things.

File: HF_x1lya8AAAt32.png (731 KB, 730x746)

731 KB PNG

>>108613380
Intel X550 and force it to run at 2.5G with
ethtool -s eth0 speed 2500 duplex full

>>108610550
I'll scan her ports if you know what I mean

File: fat_cat_sitting_on_glass.jpg (26 KB, 640x633)

26 KB JPG

>>108610550
I have a dedi server that I use to host what I want.
So far I've replace my gmail and dropbox with local linux services.
What else can I replace? I checked out that "Awesome Self-Hosted" github page, but there's so much on there that it's difficult to find worthy projects.

I'm basically trying to replace all my online services with local services.

>>108613887
Looks nice but it costs more than my CPU+Motherboard

Would having x2 LSI 9300-16i (second PCI slot and the other Chipset), with a 6900xt in the first PCI slot create any issues on a Crosshair VIII Dark Hero motherboard? I currently have one LSI HBA and my GPU still runs at x16, because of the controller on the HBA. So I'm just wondering what would happen were I to get another HBA and put it on south bridge.

>>108614054
>I've replace my gmail
how

>>108614071
If you want cheap then your only option is one of the various rebranded Realtek chipsets.

>>108614054
>I've replace my dropbox
how

>>108611392
https://yandex.com/images/touch/search?tmpl_version=releases-frontend-images-v1.1756.0__02c46b34d70f38da062024cf7148364895cdae28&lr=87&crop=0%3B0.016%3B1%3B1&redircnt=1776347064.1&rpt=imageview&url=https%3A%2F%2Favatars.mds.yandex.net%2Fget-images-cbir%2F1607195%2FalU_JO9lZl0EuCVb58KOJg7090%2Forig&cbir_id=1607195%2FalU_JO9lZl0EuCVb58KOJg7090&cbir_page=similar&img_url=https%3A%2F%2Fsasisa.org%2Ffoto%2Ffoto%2Fa881356%2F67bc83e08abb81.676864671740407776_67bc83e08abbd2.26355699.jpg&pos=52

>>108611392
https://yandex.com/images/touch/search?rpt=imageview&cbird=178&url=%2F%2Favatars.mds.yandex.net%2Fi%3Fid%3D45b7da8038006321af63a9b1dc6ca781_l-4504894-images-thumbs%26ref%3Drim%26n%3D13%26w%3D670%26h%3D1006&cbir_page=similar&cbir_id=9510176%2FYeMsfzR6op90Oshtvd23TA8123

>>108614054
>I'm basically trying to replace all my online services with local services.
Step 1: find online services you use
Step 2: if a self-hosted alternative exists, install it and stop using the online service

Email and storage are big ones, if you have family or friends you could set up a private XMPP server for them and maybe calendar sync. A lot of people host media libraries and you can do a ton of stuff with that, I don't watch TV so I've never tried it but I heard you can auto-scrape torrent trackers to auto-download new show releases and have them available in a TV-like library to watch across any device you connect to your server, shit like that. Same for music streaming to yourself.

https://newsroom.intel.com/client-computing/intel-launches-intel-core-series-3-processors-changing-the-game-for-everyday-computing

>>108614949
>Ctrl+F
>AI
>Only 37 matches
It's going to flop

File: Screenshot_2026-04-16_23-21-33.png (499 KB, 1757x671)

499 KB PNG

hello /hsg/
here's the shit i host
recommend me some more services

>>108612284
Love u too

>i226-V NICs are bad for servers
Why?

so I have another weird truenas thing I'm trying to optimize
I have a truenas SCALE box running an SMB share
if I move a file using qbittorrent, it moves nearly instantaneously, regardless of filesize (presumably just updating the file location without actually moving any data)
if I move a file with windows explorer, it reads and rewrites the file, at a rate of ~400MB/s
is explorer just retarded or is there some setting I can change to fix this? would NFS shares be handled any different?

File: 2026-04-16-14-09-13-214.jpg (1.19 MB, 3000x4000)

1.19 MB JPG

There is a bunch of Apple Xserve at the local thrift store, bewteen 20€ and 70€

>>108610550
I let my lust overtake me and reverse image searched and now I am hiding your thread and putting on a filter

>>108616380
>ransacked gpus and sfp cards
lol

>>108616258
is that the one that was buggy?

>>108617115
I don't know man, I'm just asking because I found an interesting chink mobo with a n100 and it has this NIC

>>108617135
i think that the early versions of that chipset were buggy and a later rev fixed it, but you had to confirm which rev was being used. you'd think by now all the chips being sold were the fixed rev, but there's no guarantee. i think realtek STILL sells buggy 2.5Gbe chips despite having a fixed version. the i226-V stuff is all from memory though.

>>108617156
I will pass this board because it's a used one from a local seller and the nic will be probably the old version. I don't want to start with problems. Thanks for the info.

>>108617273
>a used one from a local seller
look for Supermicro or Huananzhi boards, they dont have meme network cards

>>108616380
>local thrift store, bewteen 20€ and 70€
these are australian ebay prices

>>108610550
Need this wallpaper, source?

File: syncthing.png (45 KB, 1205x605)

45 KB PNG

>>108614234
mailcow

>>108614611
i run syncthing as a service on my windows machine and linux machine, i use an addon to manage it through a web interface on both instances

The hidden folder is my website's folder. I edit/save my html/php/js files locally and syncthing auto syncs it to my webserver so I don't have to fuck with sftp/ssh for simple uploads

Also I have my data folder set to pull only instead of push/pull. This way if something happens to my server, the files will remain on my pc. There's also other settings to prevent mass data loss etc.

Really neat service

How many of you bother with a secure vault on your server like Vera or Cryptomator? Is it even worth it?

Does docker collect telemetry or any type of data?

>>108619114
Baremaidens Atoka

File: 1504081113679.gif (454 KB, 256x256)

454 KB GIF

I see radarr/sonarr mentioned here and there, but what's the sales pitch exactly?
If I'm not waiting for new episodes of a show to release, but instead just searching for old movies what exactly is the added value?
I don't want to set up something I won't use, so I appreciate your insight.

>>108621731
it handles file organization and download quality

>>108619941
What would you put in your vault, and how is it secured anyway?
I've seen people set up full disk encryption using TPM unlock, which protects storage drives from being yanked (and lets you easily "wipe" them by deleting the header, especially important for SSDs which are very unreliable in normal wiping) but doesn't protect the server against being stolen. Fine if you have a rack, probably.
I've also seen people set up ssh unlock which is probably the most secure, but also requires manual intervention on boot.
I've seen one guy on reddit mention having some setup with a raspberry pi hidden somewhere else in the house that provides the encryption keys over LAN, so that way the server is secure against theft provided the thief doesn't also find and steal the hidden raspberry pi and then try booting the server with the pi set up and running.

I've also seen people do something retarded like having a keyfile on a USB stick in the server, or storing it outside the encrypted volume but still in storage that can be removed/stolen. Then if anyone were to grab your storage they'd also almost certainly grab the password for your encrypted vault.

>>108621959
i do the remote ssh unlock method

>>108620952
you're not supposed to ask this question
reminds me of a mate who was shocked when he found out his android ssh client sends pings a dozen servers everytime he starts typing.

>>108614988
what is this gui ?

>>108622085
Unrelated but I remember seeing an "ethereum address converter" website one time, basically a trivial javascript frontend to convert public keys, private keys and addresses. I needed a quick conversion for development so I opened the network tools for a laugh and indeed when you entered a private key to convert it would ping the server, while none of the other conversions had any network activity

>>108622085
>android ssh client
termux?

Anyone know any mini pc’s that are new enough to transcode anything for jellyfin and have enough power to run a few things on docker? I also want to connect a bunch of sata hdd’s to one and make a catbox moe clone or something

>>108622203
Termux is a terminal emulator

>>108622325
i think the best low-end stuff relies on intel quicksync for transcoding, so that narrows things a little.

>>108622429
yes, and you run openssh in it
how else would you do it on a phone?

>>108622475
>and you run openssh
So then say openssh, not termux
>how else would you do it on a phone?
Using any other app that acts like an ssh client
https://www.google.com/search?q=android%20ssh%20client

>>108622550
>Using any other app that acts like an ssh client
Yeah, that's just asking for malware

>>108622583
>this guy was using an ssh app that was malware haha
>"was it this reputable, open source app?"
>no it was a random malware app
>"wow that's just asking for malware"
An LLM has better conversation flow than you

>>108622622
An LLM would also come up with a more reality based summary, so what's your point?

>>108616258
I'm not sure what the copied OP's reason was, but for me I skipped it because it doesn't have SR-VIO. I want to virtualise the NIC for some stuff I'm doing. That might be a factor for you too.

>>108620952
No but dockerhub does not that it matters

File: file.png (47 KB, 1259x232)

47 KB PNG

>let cat watch cat-brainrot on Roku Youtube app
>decide to check PiHole

Jesus Christ how horrifying.

File: file.png (80 KB, 409x1189)

80 KB PNG

>>108623879
Every 2 seconds it spams a request. Fucking crazy.

>>108623905
roku is bad. are they still running ads on the hdmi ports?

anons, what tools exist to not expose my IP for my online local services?
are there free reverse proxy services I can use?

>>108625103
Cloudflare Tunnel
You can also rent a VPS and use SSH reverse port forwarding to your local service.

>>108625363
>Cloudflare Tunnel
can this be used long term?

Getting sorta close to having my tailscale based website finished
Hopefully it'll give everyone something else to host

>>108622550
>Using any other app that acts like an ssh client
anon, they're all terminal emulators. whether or not you are using it to ssh into another computer is pretty basic feature of them. some advertise it as their "special thing" because they probably make you pay for the premium version that saves your "profile"

>>108623905
Got nothing on my TCL
It requests ai.tclking.com literally every second.

File: OOOOOOOOOH.gif (2 MB, 200x200)

2 MB GIF

I really need to do something about the 81gb of shit I downloaded from sadpanda
lanraragi doesn't work because they aren't in zip files. Seriously what a weird ass decision to base your entire software on.

>>108610745
You purchased a Banana PI. A chinkanese company with an SBC that has device tree blobs to boot...KEK!

>>108628022
You're supposed to drop the name of the product you're trying to shill

>>108628061
Enjoy tearing your hair out trying to configure this not to mention troubleshoot.

>>108625491
Yeah. https://developers.cloudflare.com/tunnel/setup/#publish-an-application

>>108628814
thanks anon

>>108610550
Are there any good free softwares to make network diagrams? I want to basically have one diagram for my entire network, from physical, to VMs, to containers and their ports. Diagrams.net or draw.io or whatever their software is hosted as is a bit too raw for this i feel like. (Especially for maintaining it)

>>108627239
cbr vs cbz? simple script to unarchive it into a dir and rearchive it with the other format.
>>108629557
graphviz

>>108628061
the obvious choice is radxa x4

Anything useful I can do with an optiplex? I bought a used one to use as a router but it's not feasible with my ONT location. I already have another optiplex as my server so I'm not sure what to do with it.

>>108629976
No I have them in loose files. You know so I can actually view them without being dependent on some other software.

>>108632460
>without being dependent on some other software.
Except the software to actually view the file...

>>108632774
lmao it's a fucking jaypeg there are trillions of image viewers out there
as opposed to whatever fotm comic viewer/manager unless I want to unzip every time I view one (I don't)

>>108627239
To add to this it's wild that a software very clearly built with EH galleries in mind is architectured from the ground up to be compatible only with one of the three download methods from EH.
What's that? You run H@H? Get fucked. Oh you prefer torrents? Take a hike.

>>108632823
Any mediocre image viewer should be able to open zip archives.
Unless you are a wintard using the built in photo viewer.
But even then, the fucking file explorer can open archives

>>108631749
use it as a 2nd node for proxmox

how does proxmox not have its own graphical/web UI to manage VMs (firewall and whatever else) like every single other virtualizer/hypervisor out there? do they offer it as a paid service or some shit?
what are some alternatives to admin VMs in proxmox?

>>108628061
Not him but chinese SBCs are just objectively not worthwhile, I haven't heard of a single one having proper decent support into the long term. I gambled with Pine's stuff because they looked like a decent company (that was back some years before they completely dropped the ball on the pinephone and shit and lost most credibility) and even then I bashed my head against having to download unofficial images to boot and just gave up.

I think I have heard somewhat decent things about Odroid, but then again I had heard decent things about Pine as well back then. If I had to buy a chink SBC at gunpoint I'd pick Odroid but really I personally will never buy a chink SBC ever again.
If you really, really want an SBC for some odd reason, you just buy a raspberry pi, the cheapest model. But in many cases a chink x86 box is going to be as good or better. (Those have actual normal UEFI bioses and can run mainline kernels, which makes a world of difference compared to the chink ARMshit SBCs.)

>>108634102
Pretty sure it has a web UI, do you mean it doesn't let you change VM settings in it?

>>108634102
>>108634247
Tbh I haven't used proxmox in quite a while so I didn't remember... and I asked because I remember having to write firewall rules by hand, IIIRC I had to because the UI sucked and lacked many features that other UIs had.
guess I'll read or watch some reminder next time I ask something lmao

File: proxmox1-3833883097.png (173 KB, 1920x924)

173 KB PNG

>>108634102
yea mine was $30

>>108622108
gethomepage
i tried my best making it look decent

>>108634401
Does it have any kind of auth support?

What is the meta for NAS nowadays? Is slimbook NAS cube a good option / has good value? I dont want to waste my money.

I already have a home lab set up, but i need more storage (and this storage needs to be in a different room, so it needs to connect over ethernet)

I have a crusty old Debian machine with a pre-Ryzen AMD CPU with nothing containerized, running all my services (mainly Nextcloud, Jellyfin and qBittorrent) bare metal. Is this soulful or should I seriously consider newer hardware and doing things 'correctly'?

>>108635419
I still have an old Skylake PC running everything in my home. Your hardware is doing just fine.

>>108634422
I use http auth with ldap in a reverse proxy that adds ssl
>>108635419
just bee yourself

Any disadvantage to using yuge 10+ tb HDDS vs stacking 4TB other than "it might die"?

File: 1757415806417423.jpg (160 KB, 705x705)

160 KB JPG

Is there anything like sunshine/moon light but for emulation?
Running that just to run retroarch sound stupid

>>108637470
explain better what you mean

>>108632460
you can view cbr/cbz files with a pdf viewer, sumatra on windows or any other one on linux

What can I do with an Raspberry pi zero w2? I was thinking of making a file server, or a static website distributor. What do you think?

>>108610611
I am very curious about that woman. Is she a butter face in hiding or is everything fucked?

>>108637470
Yes, you can just run Retroarch. If you have a device that is not even fit for retro emulation then it deserves to be thrown into the trash.

>>108637470
each one of those solutions is shit when it comes to input lag. good for office stuff not gaming.

>>108638874
back then i played the reboot of tombraider from a different country, its perfectly usable

>>108637470
webarcade
>>108638032
>>108638271
>>108638874
Idiots, I miss /mac/ containment thread.

File: 1765228975716249.png (121 KB, 1144x637)

121 KB PNG

Why can't freetards into database migrations? Recurrent issue with jellyturd

>>108640468
it's because they're using microslop cshart

Spent a bunch of money on unifi stuff
Should have 2.5g through my house soon™

hello /g/entlemen

hey im doing nextcloud w only office to replace google drive. on arch. should i put it on my system with apache or do docker or aio? should i put it on a vm? got a bunch of weird errors trying to stuff it onto my main os so im thinking on a ubuntu lts server in a vm with like 4gb of ram and docker but not aio. is this best practice? benifit of running it myself or not?

thoughts? critique? suggestions?

>>108610611
Wendall is actually knowledgeable and the only good techtuber

Is it worth getting a 50M Standard cable to cut into smaller ones if I can't find spools

>>108611135
Get star link, why the fuck would you use cellular

>>108627239
I wonder how hard it would be to make a fuse driver that turns every leaf of a directory tree into a virtual zip archive
Would solve this problem.

>>108642228
That's backwards. You could just zip them up and then use something like the libarchive FUSE filesystem if you need to "mount" the zip file normally for some reason.
https://github.com/google/fuse-archive

>>108639011
>tens of milliseconds input lag
>perfectly usable
okay

>>108640468
works fine here, buy better hardware poorfag.

>>108635430
just make sure you jave enough redundancy

>>108638118
>What can I do with a computer
whatever you need
>>108640516
which is funny because the data migration tooling of dotnet are actually very good and they still manage to fuck it up

File: 0.jpg (1.44 MB, 4128x3096)

1.44 MB JPG

So... I'm trying to figure out the length of sata cables I need to buy and if they should be 90° angled or not. The cable in the picture is 50cm. Should I buy those easy to bend cables? How are they called? Two more HDDs will be added.

>>108635430
Depending on the size of your data you should always aim to have enough redundancy. The only downside to large drives is if you end up with, like, a single one, and then have no space for backups. As long as you can split your drives into at least two sets (one for backups), ideally three sets for 3-2-1 backups (unless you're using cloud for offsite), you're good.
In fact stacking small drives can be more annoying because if you have like twenty 4TB drives one of them will die twenty times as often.

I suppose one possible risk with a few large drives is that it takes longer to restore from backup which marginally increases the odds of a second failure being timed exactly as your first backup dies. As long as you don't use SMR drives that take 30 hours to mirror while shidding and farding, I don't think this is a big risk, especially if you have two backups (triplicate copies) which makes a simultaneous total failure insanely unlikely.

>>108641230
I heard opencloud is much better than nextcloud. All I see are people complaining about nextcloud being slow, allegedly caused by being a massive mess of PHP. Opencloud is a rewrite in Go and everyone I've seen talking about it seems much happier using it.

>my system
What exactly do you mean? Do you have a server or are you installing it on your main laptop/desktop? What is your "main OS" currently?
It's generally decent practice to put stuff into containers or VMs if you ever expect to run more than one thing, but that doesn't mean you can't run bare metal if you want, and especially if it's going to be your only/main service for the foreseeable future.
You don't need docker in a VM, if you make a VM for it then just use the "native" install inside the VM. I think Next/Open Cloud come with pre-configured full OS images so you can make a VM out of that and it might be the simplest solution. Otherwise I'd run it in docker (I think they might come with docker configs as well?).

What's aio in this context? It makes me think of water coolers

>>108644283
Oh I just googled it, AIO is what nextcloud call their docker configs. Yeah that's docker then.

>>108610943
Overkill anon. I've used Ceph with k3s, three nodes. It was overkill even for that. Just use ZFS.

>>108643150
Search for thin sata cable. Buy the thin ones that go from four to four. It's generally blue in color I think.

>>108640928
Why though? Were they atleast cheap?

>>108616380
Unless you a free electricity or cheap as shit electricity, I'd get low power shit.

File: 1775744581679330.jpg (46 KB, 500x375)

46 KB JPG

>>108612284
I love you too anon kun.

>>108612653
No, it stains your teeth and you look like a fucking Brit with yellow teeth.

File: 1776342755098951.png (320 KB, 808x808)

320 KB PNG

Why truenas and not Debian with Ansible notebook?

>>108610550
Got a 4 post 19" rack and it can extend to 40" depth, was thinking about using filling it up from both sides, but i don't know about case sagging. Is there a rule of thumb like every case with certain height/length/weight needs to be supported and others can just be thrown in with any support on the back or by rails? I find weirdly little on that topic on the internet, but maybe it is one of those things where you need to already know it to find the right search terms.

>>108634240
I know its not the same, but I am very impressed with CWWK (chinkshit) and their support. I emailed a very technical question for an OPNsense related issue I was having with one of their boards, and the guy answered within 24 hours and sent me a custom BIOS, 2+ years after I bought it.

>>108610550
Can we stop with these ugly schizo OP images for fuck sake just be normal.

Anyway I finally got around to setting up an encrypted cloud backup solution on my NAS today, feels good.
>use gpg to compress and encrypt a folder with my own gpg key
>upload the encrypted tar archive to a backblaze bucket with rclone
>cronjob a script to do this weekly
Feels good to have encrypted backups of whatever I want to just upload anywhere worry free since I'm the only person that can decrypt them.

>>108622203
JuiceSSH is one I can think of. Terminus has openssh as well.

>fuck around with Nextcloud Office
>doesn't work
>error message points to some config-fu
>notice they updated the example conf a while back
>grab new config
>shit still broken
>actually read the error
>it's just missing fontconfig
>install that
>still broken
>check dev mode
>new config introduced a bunch of new headers firefox does not like
>go back to the old config
>now everything just werks
Making the config stuff a problem for Future Me, that guy has never done anything for me anyway

>>108645470
That is indeed impressive. But
>and sent me a custom BIOS
Can I ask why it was necessary? Did they later include a fix into their normal BIOS (and you just got an immediate build fixing your issue before it got into a general release)?
Because I'm not just talking about customer support, I'm talking about software(/firmware) support, and if you have to use a custom BIOS now to fix some weird edge case it doesn't sound great. If they then actually released an update so everyone gets the fix and you just happened to be the bug reporter then that'd be different.

>>108641273
Bumping

>>108645976
Alright. It had to do with ASPM being a toggle option in my BIOS for PCI-E controllers. 99.9999% of all chinkware uses 82599 (no aspm) and I had a x710 10gbe card I wanted to use that uses aspm quite well.

When I say custom BIOS, it was an emailed file that wasn't listed on their google drive list of all BIOS.

I am self aware enough to know Wang didn't compile it just for me.

However, they DID fix my problem and did it in less than 24 hours via email. Even the best western tech company, evga, would have dragged it out a bit longer.

I have to give props for that.

>>108646721
Somewhat unrelated but these 82599 controllers will never go away.
I bought a CURRENT product (Sonnet twin 10G SFP) for my desktop and it's an 82599 inside.
These chips are like 17 years old now. Wouldn't dare even use any PC that old.

>want to backup docker compose directory
>get permission errors (mostly from mysql)
>can't sudo restic because repo is on nas (nfs)
Would it be a bad idea to disable root squash?

>>108646826
maybe explain what you're trying to do better and someone can tell you why it's wrong.

>>108646852
My NAS and server are separate. On my server I have ~/docker with all the compose files and config stuff for the services. The restic backup is stored on my NAS. If I run restic without root I get a bunch of errors like

scan: Open: open /home/anon/docker/romm/mysql_data/mysql: permission denied

and if I try running restic with sudo I get

Fatal: unable to open repository at /mnt/nas/backups/docker/restic-docker: ReadDir: open /mnt/nas/backups/docker/restic-docker/keys: permission denied

Does a SMART test only catch bad blocks that have gone bad before the last attempt to read or write to them? If I randomize my drives, then run a long SMART test, am I covered for detecting any issues or can that miss things vs. badblocks?

>>108646883
Interesting. I think I'd try to sort this out from a permissions perspective. For example, can you give yourself permissions to the docker folders? Perhaps not safely. But in that case, can you give root access to your NAS?

>>108646918
SMART long is a full surface read scan so it should detect things that are obviously wrong. The drive can infer what's been written to it through a metric ass load of ECC but there is a chance it's wrong about what it reads because the drive itself actually doesn't know what's on the drive, it just knows if the ECC is correct.

Badblocks with writes enabled will write to all the sectors and read them back to identify bad sectors and it's a very specific pattern it's looking for. The host is actually fully aware of what should have been written to the drive.

As far as how each are used. Badblocks is good as a full new drive shakedown while SMART tests are passive early detection

>>108646883
you probably need to set up the volumes differently in docker. I use rootful podman so I never have any problems with permissions since it's all running as a systemd service as root with a limited scope that way rather than trying to figure out whatever docker is doing on its end.

>>108647057
When you write to a block and something goes wrong the drive is meant to log that though, right? And then SMART long tests are meant to aggregate all of those failure logs I think. Is that not how it works?
I want to end up with a completely randomized disk at the end of this process so that usage patterns can't be inferred. That's why I'm wondering if I can do a dd wipe, then just a SMART test. badblocks writes a non-random pattern to the drives is the issue.

wish i wasnt a poorfag so i could deal with ubiquiti ui instead of this ghetto openwrt and mikrotik jank

>>108648300
>mikrotik
>jank
learn2cli

How it started: me hopping on the last train grabbing a 10TB WD purple for $70 last year
How it's going:

196 Reallocated_Event_Count 0x0032   100   100   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0022   100   100   000    Old_age   Always       -       1416
198 Offline_Uncorrectable   0x0008   059   059   000    Old_age   Offline      -       10069

>>108648421
swos doesn't have ssh capability

A lion doesn't concern himself with the reallocated sector count

File: shitpost_14.png (473 KB, 982x1029)

473 KB PNG

>>108643150
I like these.
Nigger website thinks links are spam so just find them yourself.

File: 1756226191171922.jpg (217 KB, 723x726)

217 KB JPG

>>108648531
condolences anon that sucks

I have a proxmox cluster connected to a tailnet, is it better to have containers inside be tailnet nodes themselves, or just expose them as ports on the proxmox host?

>>108621731
while it's true probably the biggest advantage is letting it automatically grab new episodes/seasons as they appear, even if it's just for grabbing old/finished shows and one-off movies, it can also;
- give you a nice detailed listing of what you have
- grab sequels of movies if applicable
- grab better quality versions of shows/movies as it finds them
- rename and organise the files for you
it's not something everyone needs of course, but i like being able to enter a name of a movie into radarr (for example), then just click one button to add it and it will sort out the rest (looks for torrents, grabs one based on rules you configure, tosses it to your torrent client, monitors it so when it finishes downloading copies/moves/links it to your media folder and optionally signal to something like jellyfin that there's a new movie available)
this system is also good for other people to use (family members, roommates). i initially started trying these kinds of tools, before the *arr stuff purely to help others, it wasn't something i thought i'd want to use either, but once i'd figured it out and set it up... why not use it myself as well?

>>108610550
pape?

>>108650464
I would do the latter to simplify things but I also don't know anything
I just think networking is simpler when your host can act as a "hardware reverse proxy" and you can even do shit like add an actual reverse proxy container in case you want to add SSL termination, SSO or whatever in the future. Or say if you want to replace the tailnet with something else, like pangolin, or manual wireguard, or even migrate your tailnet to headscale (if you're not on it yet). But that's just my intutition, I am planning a similar setup but I haven't done anything yet so I've never even used tailscale yet

>>108651568
*rape

>>108610550
is yunohost good for noobs? I wana host immich on a prodesk 400

Anyone?
>>108645194

>>108652975
don't know what you're talking about. if you have a product and you want to know how much your product can support then you should look at your product manual.

>>108652991
Have you actually ever looked at a manual of those? There is literally no info on the eight different things i thought about to rack and the rack itself just says 300kg max load with no information whatsoever how much f.e. 1U can carry at what length.

I guess i'm looking for peoples experience with when it comes to rack stuff and when it comes to how much you can put in them with no support on the back end. Got my doubts i can just shove a 4U 75cm 30kg case in and then have no sag or damage either the rack or case.

>>108653094
get rails and put them on your chassis if you're so concerned

>>108653142
Yes, the question was if there is a need to do that. Rather suprised how no one seems to know this here or elsewhere, which is kinda odd since putting stuff in a rack isn't some mystical rare thing.

>>108653208
just do it, I'm sure you can evaluate how sturdy the chassis and rack is

>>108641273
yea

>>108653946
Consider the following: I haven't bought it, there are multiple options and i would like to know before i buy something that either doesn't work as planned or needs additional items that drive up the price and complexity unnecessarily. No offense, but when you don't seem to be able to help and have no knowledge on the topic, so maybe just stop.

>>108654501
nobody is gonna be able to answer your unanswerable question, especially when you haven't even said what product you're talking about, after which time someone who has actually owned whatever you're talking about could say something relevant about it because how the fuck should any of us know?
Why don't you call their customer support line?

>>108654520
>Hey bro, you can't expect anyone to have actual experience of mounting servers on racks in a thread about home servers.
I'm not even going to address the rest of your drivel, again you clearly have no knowledge or experience on the topic, and it is only becoming clearer that you never had any intentions to help whatsoever. Go and drain someone elses attention and energy.

>>108628022
what's wrong with Banana Pi? I just ordered the BPI-R4 to use as my main router.

>>108654582
The people here who use racks would never do this ghettolicious ass to ass rack nonsense you're wanting to try.

>>108655267
He's got the rack but not the case he wants to put in because he still needs to figure out which one he can use though.

>>108655295
Yeah I figured after.
if a chassis is designed for rails they're not gonna be able to tell you that it's forward facade will be able to hold the weight unless it's designed for that.
In which case it's in the manual for the product. Otherwise they'll say use rails

>>108655311
Maybe reread the other posts he wrote as well. God, you are so much talking out of your ass, you might as well work in sales.

>>108655331
I can help, I swear. Just name a product and we can look at the manual together. Let me try, I'm desperate to help!

>>108638795
AI? It looks pretty weird vagina connecting with belly

>>108654979
Where do you think you are and what people do? One of the cheapest $10 Ikea table is a popular rack (substitute).

>>108655311
Enough of this bullshit: do you have a rack and populated it with server caes that are longer than 20-25 inches and weigh more than 35-50 pounds? Yes or no? Because if the answer is no, then why are you even replying? I already wrote that the google crap replies are useless and all you do is give even worse answers than any google search.

I asked for genuine knowledge from people with experience and something like a rule of thumb from those that have tested in practise and you simply dont provide that.

>>108655553
>do you have a rack and populated it with server caes that are longer than 20-25 inches and weigh more than 35-50 pounds?
yes. anything that's not a 1u appliance is on rails.

>>108655613
>yes, everything i know is not what is the actual topic
At this point it is just ill intend.

>>108655613
>anything that's not a 1u appliance is on rails.
AHAHAHAHHAA
fucking noob

File: guix fileserver.png (143 KB, 1113x685)

143 KB PNG

Had this running for a while now, but it's a little unstable atm if I do a system reconfigure, with some long stacktrace printed on tty1 (not immediately after, and maybe not if only ran once) and something about the kernel. Just trying to willfully ignore it for now, thinking it's probably just my old Intel SSDPEKKW128G7 maybe slowly giving out (media_errors at 13, but there's a planned replacement).

>>108656804
are you liking guix? have you used nixos? I've been hemming and hawing for a while about whether i want to learn a declarative distro or ansible or just settle for my current manual setup

>>108656852
I'm considering Guix as my goto for desktop as well as servers, but I'll need some time experimenting first since I'd like to stick with KDE. Part of the reason I picked it to begin with is its Lisp base (they should have just used CL, but (Lisp is Lisp)).

Can't have s-ex in a virgin OS like Nix, heh.

>>108656936
yeah i would much rather use lisp than learn some autistic dsl

Currently working on converting my shitty NAS into a proper home server as part of my general migration towards linux. This shit is such a pain to figure out, but I can tell I'm going to be glad to know it once I do. Any suggestions for adjustments when switching from the NAS-specific TOS it currently has to a more general operating system?

>>108657044
specs?

File: file.png (118 KB, 787x1190)

118 KB PNG

>>108657069
It was the cheapest one I could get that didn't require an app to set up

>>108648597
I was going to say can you not ssh into the router that's upstream and access it that way. I did that with a MikroTik router and AP, but from what I found it seems like SwOS is actually gay and retarded.

I fucking hate Immich so much, it just keeps self destructing itself. I shut it down and I'm going to wipe the entire thing and start from scratch again. I just want a fucking album organizer that isn't shit.

>>108657327
my router is openwrt so there wouldn't be any brand integration type of thing possible anyway. since it's just a switch i'm hoping i can just set and forget once i get the time to figure out the ui

>>108657372
use case for albums?
just make folders in seafile or something (it even has AI scanning to auto-tag images with the people in it or whatever)

>>108657419
Oh, I'll have to take a look at that. The only reason I wasn't dumping these into a directory was that I wanted the AI tagging so I can keep track of photos based on people.

why tf samba shares randomly die every 3-4 months for no reason

>>108656936
>since I'd like to stick with KDE
in nixos this is just

services.displayManager.sddm.enable = true;
services.desktopManager.plasma6.enable = true;

question about truenas, if I'm making a new media server, should I use the latest truenas version or the previous, iirc 24.10? I ask because I heard some stuff about them close sourcing their OS so the latest might be gimped or smth.

Does it make sense to randomize an SSD before encrypting it to prevent exposure of file system usage?
I will be enabled TRIM afterwards, which I have heard will expose freed space, but people seem to always be a bit unsure about what they're saying when they try and comment on flash memory usage extraction.

>>108657044
>Any suggestions
try powertop on whatever distro you choose i guess, not sure how efficient is TOS in that regards

>>108660954
Good question. Honestly I don't know. It doesn't cost much so I do it anyway (a single write-through of the SSD will take a negligible portion off its lifespan so it's not worth worrying about).

>>108661048
Classic /hsg/.
Reading a bit more, it seems that writing random isn't going to matter after my first trim, because all those random blocks will be marked as unused by the controller, and they will effectively be identical as if it were zero or factory patterned, because those underlying cell values shouldn't be accessible. Maybe someone could extract the values from the cells, but finding random rather than empty makes no difference when the disposal is already marked in the controller. Trimming will still reveal my unused blocks in exactly the same way as zero pattern would, so randomizing to hide unused blocks is pointless if TRIM is enabled (which it will be, for performance).
I think I'll just `nvme sanitize`.
>not worth worrying about
I am interested in computers for the sake of it as well as the functionality. /g/ - Technology.

Is this autism, guise?
https://github.com/ScubaAnon/my-fastfetch-scripts

It's the script I use to get:
>>108656804
I should rewrite it to Common Lisp, tbqh.

>>108661711
>>108660954
what's the use case again?

>>108661744
Obscure unused space on encrypted disks while maintaining the performance benefits of TRIM
and
>I am interested in computers for the sake of it as well as the functionality. /g/ - Technology.

>>108610550
Errrrrrrrrggggghhhhh I just want a cheap box of some kind I can repurpose into a home server that can hold like five or ten drives for easy expansion.
But eeeueuuuugghhhhh it should be cheaper than an actual computer because I'm poor and why would I pay a lot instead of just buying more external drives.
Thoughever EEEEYYYAAHHHH what if I just got one and cracked open my externals after emptying them and put them in

>>108658555
It might be a bug, restart the service once per month and your problem is solved.

I realize this is kind of a longshot, but do any of you fags run FreeBSD?
I set up prometheus+grafana+node_exporter on my boxes (a mix of FreeBSD and Linux hosts) and node_exporter apparently makes almost no effort to standardize metrics across platforms? Is there a non-homo alternative that actually works in heterogeneous environments?
>grafana
Yeah, it's dogshit. I'm looking at perces, but I can't be arsed to switch yet (it's not in the FreeBSD ports tree and setting up a source install is effort).
>homelab observamemeity
S-shut up... kusobaka...

>>108661788
>Obscure unused space on encrypted disks
why?
according to which matrix movie and/or LLM bot is this in any way productive and useful. unless you work for the CIA and you live in Russia then you dont need encryption.

>>108663991
XY problem people are annoying.
Yes, I have a use for it, partly to do with my job. You don't know the answer to a technical question so you act like it's not even necessary to know in the first place.

>>108664032
>Yes, I have a use for it, partly to do with my job
sure you do mr james bond

>>108664032
>You don't know the answer to a technical question
This isn't /encrypted drives/ general or whatever else horse shit you try to come up with and quiz people here everyday.

You're one of those trolls who think it's normal to discuss molecular chemistry of gunpowder on /k/ or petrochemical fractional distillation on /o/ and when they dont play along you would unleash your Duning-Kruger anger onto them just like you do here, despite no evidence of an actual encrypted ssd, this is all in your head asking a question for attention whoring. Hence anon was right half-jokingly suggesting you should hit the GPT with these half assed hypothetical attempts at theoretical serverology.

>>108664560
>You're one of those trolls who think it's normal to discuss molecular chemistry of gunpowder on /k/ or petrochemical fractional distillation on /o/
It would be interesting if someone did try to discuss those things on those boards. If you don't understand those topics, you can just not comment. Not every topic needs you chiming in to say "I don't know", and not every general needs to cater to lowest common denominator at all times.
>despite no evidence of an actual encrypted ssd, this is all in your head asking a question for attention whoring
I don't even know what to say. Are you expecting a picture of an SSD or something? Why would I lie about that?
>hypothetical attempts at theoretical serverology
Are we not here to learn thing about servers? If you just want a third-party setup "server" and you have no interest in how they work, just buy Unraid or something.

Can we all just agree that
>How can I obfuscate my disk usage while still getting benefits from TRIM
was a stupid fucking question that doesn't make sense once you spend 10 seconds to think about it?

use case posters should eat shit and die

also the actual reason (at least that I know of) for hiding unused space on encrypted volumes is plausible deniability of hidden volumes.
If you are compelled to hand over your keys and have 1GB of data in your encrypted volume but your adversary can see 100GB used space, they can be fairly certain you have a 2nd hidden volume.

>>108664722
Now that I know more about how TRIM works I can see it is not possible to have both.
I thought someone here in the server general, where quite a lot of thought is put into storage, might be able to confirm that or help me understand why that is the case. That didn't happen and that's not a problem.
>>108664724
>use case posters should eat shit and die
I would like them to stop being such know it alls.
>also the actual reason (at least that I know of) for hiding unused space on encrypted volumes is plausible deniability of hidden volumes.
That is one good use for plausible deniability that you get from obscuring unused space. Another is if the whole disk is randomized you can say "I shredded it in preparation for selling it/starting fresh with it in a new build", which is a lot more plausible than "I shredded some of it and not the rest".
Usage information can sometimes show what filesystem is on the disk too, and revealing that there is any filesystem at all nullifies any shredding claims.

File: 1756949546093570.png (322 KB, 624x621)

322 KB PNG

Amazing things are coming out of China.
Not only are there PLX88096 boards with like 80 PCIe lanes but SXM2 carriers with ARGB

Does fresh rss or glance homepage invade your privacy in any way or collect telemetry?

>>108665271
>SXM2 carriers with ARGB
>Something requires your attention on server, maybe something has gone wrong and your notifications aren't getting sent
>Red RGB tells you you need to SSH in and have a look around
I also share your interest in unique Chinese hardware configurations. I like seeing odd stuff.

>>108650019
brosky where did you find these angled ones? I’m only finding the 90-degree downward ones and the straight ones.

File: CAB-8087-4x8482-1-800x800.jpg (46 KB, 800x800)

46 KB JPG

>>108643150
if you're serious, get an HBA and hook up some SFF-8482 to it.
people have had data loss from using onboard SATA controllers. i've had data errors from pansy ass SATA cables getting misaligned. as a bonus, you'll gain the option to use cheap SAS drives off ebay.

>>108666469
I’m planning to do that in the future. I don’t need more drives right now, and when the ones I have fail, I was thinking of getting higher-capacity HDDs instead of adding more smaller ones to avoid the cost of HBA.

>>108666488
>higher-capacity HDDs instead of adding more smaller ones to avoid the cost of HBA
????
an alispres/ebay HBAs is cheap. high capacity SATA drives are not.

>>108666538
>high capacity SATA drives are not
NTA but in the US (eBay, Newegg) spinning rust drives seem to be consistently priced at ~$20/TB regardless of capacity.

>everybody pushing for passkeys
>decide to give it a try
>set up Kanidm as it seems modern and has a straightforward way of setting up replication between homelab and vps nodes
>mfw passkeys don't work on my phone (lineageOS)
>nor on my linux desktop apparently, at least not without a yubikey or something
>stuck with password + TOTP
>can't (selectively) disable MFA, leading to having to reauthenticate all the fucking time with either an authenticator app or, for convenience at the cost of security, keepassxc which can hold both the password generate totp codes

Maybe I'll switch to Authelia after all, though that seems like more of a hassle to set up, especially with replicated nodes, by the looks of it.
Don't want to switch to authentik or keycloak as they're way too heavy for my use case.

>>108666566
in bongland you used to be able to get 4TB SAS for £20 last year, now it's closer to £40 but still way cheaper than whatever the fuck kids these days think they need to pay for muh SATA

>>108666538
>an alispres/ebay HBAs is cheap
but are they better from the onboard sata ports? Because cheap HBAs are used and raped for years.

>>108666572
>mfw passkeys don't work on my phone (lineageOS)
they should. make sure you set your manager as the default passkey provider.
>nor on my linux desktop apparently, at least not without a yubikey or something
correct, Linux does not support platform keys as of yet. you'd have to use a physical passkey or a software passkey provider.

there's not really a uniform way to authenticate to everything, if that's what you're hoping for. too many different implementations.

>>108666596
Based on the horror stories I've heard about onboard controllers and the fact my only HBA has given me zero issues over the last decade, I'd say yes.

>>108666609
>the horror stories I've heard about onboard controllers
you are scaring me broski. What are you talking about?

>>108666636
I wish I could be more specific, but the truth is I listened to the condescending chink on the FreeNAS forums and used an HBA from day 1, so I never really paid much attention to issues with SATA controllers, which come up fairly often in the threads. Maybe someone else can share first hand experiences.

>>108666572
Or you could get two Yubikeys

is there any interesting use case for extra ethernet port + wifi in a chink mini pc? aside from using it as router

>>108666600
>>108666976
I have to stand corrected.
Managed to get passkeys working on Fedora and Firefox with PassKeeZ.

Passkeys are meant to make your life easier. If you have to jump through 1000 hoops to get them running, you might as well give up.

>>108667390
>Passkeys are meant to make your life easier.
No, they are not. They are meant to offer better security than passwords.
>If it's not chewed up and part-digested for me, then I might as well rent the latest goy device with the biggest cloud subscription
Convenience cucks like you are a primary reason why technology is constantly moving towards taking away user control.

>>108667427
If you truly cared about the security aspect, you wouldn't insist on using software passkeys.

>>108667803
I don't use software passkeys. But nice try at moving goalposts.

>>108667815
For most online services, passwords remain in play after you add passkeys. So I'm not sure what your point is. A compromised password can still be used in conjunction with a compromised email account, SMS, security questions and whatnot.
That anon focuses a lot on ceremony by setting up "PassKeeZ" software passkeys with "Fedora" and "Firefox".

>>108663991
Obscuring unused space is not "productive" but it's interesting.
>unless you work for the CIA and you live in Russia then you dont need encryption
I like being able to sell or throw away or give away drives after I don't need them without having to perform a 5-step shaman ritual to destroy all my cleartext bits beforehand

>>108666572
>for convenience at the cost of security, keepassxc which can hold both the password generate totp codes
The way I see it, it's still MFA in that there's something you know (the master password) and something you have (the keyfile database)
It is no different to logging in to something with MFA in your phone's browser. You're doing it all in one device, but it's still MFA because you need to know the password AND have the phone, it doesn't matter that you're doing both in the same place. And the "something you have" is usually the authenticator app's secrets database.
In keepass the TOTP secret is stored in the keepass database and so the keepass database holds the role of the "something you have" factor.

The only way in which it's weaker is that keepass databases are often synced across several devices, so it's a bit less secure than a TOTP app that only lives on your phone with no backups. But, I don't know about you, but when services give me "backup codes" to their TOTP, I save those in keepass anyway.

>>108667999
>For most online services, passwords remain in play after you add passkeys.
Some form of shared secret should always remain in play, because from a design point of view, a passkey should be treated the same as a physical key, in the sense that it could be... acquired by someone other than the legitimate owner.
>A compromised password can still be used in conjunction with a compromised email account, SMS, security questions and whatnot.
Yes, everything can be compromised, I can beat you with a $5 wrench, yada yada. Do you have a point that you wish to make, or...?
>That anon focuses a lot on ceremony by setting up "PassKeeZ" software passkeys with "Fedora" and "Firefox".
Maybe you're the one focusing too much on what "that anon" does. He's not even in the reply chain. You can use a physical key on Linux.
>So I'm not sure what your point is.
Passkeys are fundamentally more secure than passwords and are not fundamentally designed to be any more convenient than passwords. Anything else I can help you with?

>>108668089
>Yes, everything can be compromised, I can beat you with a $5 wrench, yada yada. Do you have a point that you wish to make, or...?
Anon, the point that anon is making is that if your password and email are compromised, having a passkey setup doesn't actually help when the account can just be "recovered" bypassing the passkey

Password + passkey would be fine, but password OR passkey makes the passkey a security theatre

>>108668117
Oh, I see. Yes, Amazon is like that. You can set up a passkey but there is no way to make it so that you cannot log in without a passkey - you either use an authenticator app, OTP to a phone number, or just login using your password and bypass the passkey entirely, ayyy lmao. Discord is also kinda bad because it lets you in with nothing but a passkey (I don't know if this can be changed). I'm hoping this is one of those things that become corrected over the years...

>>108668181
>I'm hoping this is one of those things that become corrected over the years...
I honestly doubt it. Standards are constantly changing and nobody cares to do things "the right way." Not even big tech websites, not even for shit that has been around for well over a decade like normal 2FA.

>google refuses to let you add a TOTP or U2F factor unless you FIRST add an SMS factor, and only then you can add your normal factor and turn off SMS
>github supports both TOTP and U2F great, but it gates important actions (like repository deletion, adding/removing SSH keys etc.) behind "enter your 2FA factor!" with a nice convenient "enter your password instead" button below that
If even tech giants, some of whom were literally involved in the working groups creating the standards for shit like U2F, still either can't get it right or can't be bothered (google probably just prioritises forcing you to give up your phone number more than it cares about the security aspect) - I have little hope that anything will ever be implemented properly.

We're getting passkeys before U2F has even gotten proper adoption and implementation.

>>108668117
And yes, I do think account recovery is gonna be the weak link, because people don't want to take responsibility over their own accounts and their own keys. I hope Apple and Google key managers will improve this somewhat, but I highly doubt this will ever go away. Same reason it's the bank's fault if you get scammed into giving away your money.
>For the record, I got locked out of my Yahoo Mail because one day they just randomly decided to stop allowing me in with my credentials and having to call jeet support is where I draw the line

>>108668208
Sad!

>>108668250
>because one day they just randomly decided to stop allowing me in with my credentials
Yeah that's the funniest fucking shit, if you want to enable 2FA and hardware U2F and all that shit then your account is still wide open to some pajeet "recovering" it if your password leaks, because the tech companies are apparently dealthy afraid that someone might get locked out of their own account.
But if you have your own password and username 100% correct, sometimes they will just say "lol nope we're not letting you log in anymore" for absolutely zero reason and this is jut normal.

>>108668273
For shits and gigs I just tried to recover my "recovery" email (which I can then use to recover my actual email), managed to remember the password and guess my way through 1 security question so far. I get a few more guesses in 12 hours and presumably 3 questions total. As dumb as this shit sounds, it's still better than what new accounts are forced to go through nowadays.

File: soju.png (188 KB, 1300x1200)

188 KB PNG

For some reason I never put two and two together that I can use proxmox backup client on my desktop and laptop. I'll need to make a recovery usb with everything I need to do the recovery, but that wont be an issue. It should be fun too. I keep all of my data on the nas anyways, but it's nice to not have to do a fresh install if something goes bad.

File: 1773668587463665.png (1.22 MB, 1085x989)

1.22 MB PNG

Finally got a reverse proxy working and all my services are behind my own domain name instead of ip:port now. Took me an entire day of reading to get to this point from pretty much not knowing what a proxy even is. Networking is hard bros....

>>108670468
I've only bothered to set up my http services up with a proxy.

>>108670468
Just set up Pangolin on a VPS. Easy peasy.

File: FoQmkq4XwAAyt-C.jpg (94 KB, 750x851)

94 KB JPG

>>108670468
>services are behind my own domain name
how exactly do you access them now?
login with 2fa and then some dashboard?

>>108671702
NTA but you can put internal IP addresses on public DNS entries. It's not as clean as a split horizon DNS setup (because you're leaking internal network configs to the public, technically), but using DNS itself doesn't prohibit you from keeping everything locked down and requiring an authenticated VPN (i.e., wireguard) to use.

Or you could just put the (HTTP) proxy on a public IP and slap fuckit basic auth on it, that's probably what I'd do.

>>108670468
Congrats bro. I got mine working, but any kind of VPN prevents me from accessing remotely and I cannot figure it out. Any positive VPN connection sends me to my NGINX splash screen and I cannot figure it out regardless of port forwarding settings......

>>108669405
>it's nice to not have to do a fresh install if something goes bad
would be nice if it saved the storage configuration too. like you would hit 'restore' for a vm and it went back where it was before without the need to set its location again. some say you should have a copy of the /etc/pve folder too independently of the actual proxmox backup.

File: 1774497485152211.jpg (149 KB, 1621x900)

149 KB JPG

Any docker/podman for running VMs with little hassle?
My homeserver has more powerful CPU, and better cooling, so I thought it would be better option to use it to emulate games from PS2/3DS consoles.
Or it there better way?
Also what are the options to run android apps/ OS?

>>108671783
i might be extra hangover but i still dont get it
you type in yourdomain.com right?
ok then what, what's going on, you get a login form? okay you auth yourself, and then what? you get served files from your homeserver via some tunnel?

>>108676483
Not him but if using the "internal services on public DNS", then yeah you'd need a tunnel if you're not on LAN. If you're at home it'd obviously just work.
If using a reverse proxy, you'd type in a URL and the proxy would forward it to an IP and port of your choice, so you type in say yourdomain.com/homeassistant or homeassistant.yourdomain.com and either way the proxy forwards the traffic to/from your HA local ip:port address. If the reverse proxy is remote e.g. on a VPS (for example if your home IP is dynamic and you don't wanna deal with public dynamic DNS) then the reverse proxy will need a tunnel back home.

You can also tunnel home to a reverse proxy and have it be the single point of entry to your other services, basically combining the two methods, I guess.

Auth is somewhat of an orthogonal topic. In the first case (just tunneling home) your auth is your tunnel setup, e.g. if you have wireguard or whatever only devices whose keys you have configured can connect. When using a public reverse proxy then that's probably going to be responsible for auth so you configure it on the proxy. So you auth yourself and then the proxy servers all the internal services it's configured to, but before that it only serves the login screen and nothing else.

>>108676483
Basically what this anon said >>108676534
I have an A record to point my domain root to my proxy server private ip and a CNAME record pointing *.domain.com to the root. Then the proxy server itself manages where all the subdomains or file paths will resolve to. This is mainly to have valid ssl for internal use without having to trust self signed cert on every machines.

>>108671783
NTA but I'm a brainlet, I understand the public DNS setup but can you explain split horizon DNS?

File: jarpig.png (156 KB, 688x883)

156 KB PNG

I wrote a little web interface for ffmpeg that lets me do simple stuff like converting between formats, extracting audio, making slideshows, making video loops etc.

would any of you be interested in this? I could put it up on github or something

I had the most painful ordeal trying to get my switches configured. Turns out I forgot to add access for DHCP and DNS through the firewalls. Please let that be the only problem with my config, I'm dreading going back and testing it out.

>>108677673
I'm sure someone would. Anything to not have to use the ffmpeg cli.

how dumb is running random services as root anyway?