trunking edition
previous: >>105724538
READ THE WIKI! & help by contributing:
https://wiki.installgentoo.com/wiki/Home_server
/hsg/ is about learning and expanding your horizons. Know all about NAS? Learn virtualization. Spun up some VMs? Learn about networking by standing up an OPNsense/pfSense box and configuring some VLANs. There's always more to learn and chances to grow. Think you're god-tier already? Set up OpenStack and report back.
>What software should I run?
Install Gentoo. Or whatever flavor of *nix is best for the job or most comfy for you. Jellyfin/Emby/Plex to replace Netflix, Nextcloud to replace Google, Ampache/Navidrome to replace Spotify, the list goes on. Look at the awesome self-hosted list and ask.
>Why should I have a home server?
De-botnet your life. Learn something new. Serving applications to yourself, your family, and your frens feels good. Put your tech skills to good use for yourself and those close to you. Store their data with proper availability, redundancy and backups and serve it back to them with a /comfy/ easy to use interface.
>Links & resources
Cool stuff to host: https://github.com/awesome-selfhosted/awesome-selfhosted
https://reddit.com/r/datahoarder
https://www.labgopher.com
https://www.reddit.com/r/homelab/wiki/index
https://wiki.debian.org/FreedomBox/Features
ARM-based SBCs: https://docs.google.com/spreadsheets/d/1PGaVu0sPBEy5GgLM8N-CvHB2FESdlfBOdQKqLziJLhQ
Low-power x86 systems: https://docs.google.com/spreadsheets/d/1LHvT2fRp7I6Hf18LcSzsNnjp10VI-odvwZpQZKv_NCI
SFF cases: https://docs.google.com/spreadsheets/d/1AddRvGWJ_f4B6UC7_IftDiVudVc8CJ8sxLUqlxVsCz4/
Cheap disks: https://shucks.top/ https://diskprices.com/
PCIE info: https://files.catbox.moe/id6o0n.pdf
>i226-V NICs are bad for servers
>For more SATA ports, use PCIe SAS HBAs in IT mode
WiFi fixing: pastebin.com/raw/vXJ2PZxn
Cockpit is nice for remote administration
Remember:
RAID protects you from DOWNTIME
BACKUPS protect you from DATA LOSS
>>105743098 (OP)
Now that's a good OP image.
how do i set up the permissions on my ZFS dataset so everyone can read and write to it?
i have a VM running my downloading software behind a VPN running as user myuser. the dataset is accessed via an NFS mount.
I also have the *arr stack running in separate unprivileged LXCs. the dataset is accessed via bind mounts.
>>105743098 (OP)
Can someone please help me get this shit running in TrueNAS Scale? I've tried yaml, tried custom app, tried dockge, tried portainer, and every single time some shit wigs out and I can't get past anything.
https://github.com/reasv/panoptikon
No matter what i do I can't get it to run in a container. latest error is
<blank>
I already built images, but the latest problem doesn't seem to have anything to do with me at all. it's just nginx shitting itself for some ungodly reason
>>105743461
apparently 4chan thinks an error message wrapped in code brackets is fucking spam
https://rentry.co/urgchy6n
looking into on-premming my hetzner setup
what i don't understand, what's the best way to keep traffic accessing the home server from my home network?
would a dmz do enough?
>>105743517
I'm not sure why DMZ is such a widely used term, just stick them in a separate VLAN
>>105743554
nta but was just thinking that
>>105743517
yeah just put them in a VLAN and deny all traffic to LAN and whatever else. if anyone gets in they can't get anywhere else
>>105743554
>>105743597
right, i'll have a look into that, ta lads
might need a better router, this cheap tp-link one only has DMZ which is probably just a poor man's VLAN
>>105743603
If you're building out a hypervisor, you could also virtualize OPNsense
Pass through one NIC directly to OPNsense for your WAN, create two vswitches in your hypervisor, have one that is bridged to a NIC which essentially becomes your "LAN" port (connected to one interface in OPNsense) and another with no NIC bridge (or a bridge to a vlan on a switch) and you just dump all of your external facing services on it, and connect that as a separate interface in OPNsense which becomes your "DMZ"
>>105743603
>only has DMZ
I don't think I've ever seen that terminology on a router before
if you don't want to virtualize as
>>105743637 mentioned, I might recommend a protectli device
https://protectli.com/
came preinstalled with opnsense and coreboot and has been running my network without a hiccup for years
>>105743665
I'm the hypervisorfag
But yeah, those little appliances are pretty nice. I ran pfSense bare metal for a while in an enterprise situation and it worked just as well.
Get a cheap smart switch that can do vlans, plug in one port as a trunk (tagged in two vlans) and you can break those vlans out to different interfaces in OPNsense, if you have faster internet (above about 500Mb/s) then use two separate ports, one untagged in each vlan and use them as two separate interfaces in OPNsense.
You can also use basically any other AliExpress mini-PC, but I personally wouldn't since they can sometimes be of dubious quality.
A benefit to Hypervisors is; if you make a super bad config mistake, you can pretty easily use hypervisor checkpoints (snapshots) and just revert, without having to reinstall OPNsense and load a config backup
>install authentik
>assign a role to a group
>try to assign it to another
>>Invalid update request.
>??????
>reload, try again
>>Invalid update request.
>check network requests
>>"Roles can only be used with a single group"
what in the fuck is the point of roles then?
>>105743698
>easily use hypervisor checkpoints (snapshots) and just revert
it's good you mentioned that because you reminded me that I really need to set up proxmox backup server. I really need to host my own password manager because I feel so dirty just doing it via bitwarden, but I'm not sure if I trust myself without a bunch of backups
>>105743761
Yeah I need to start doing backups, in a week or so I'll have an off-site Proxmox box set up (we're setting up a few at work to evaluate it vs. hyper-v to move from VMware)
>>105743790
>neither of us do backups
we're a couple of fuck-ups, you and I
hope the proxmox testing goes well. would love to see it get more enterprise acceptance vs. VMWare
>>105743098 (OP)
What's a good method for centralised 12V power distribution? Moving from a little 8-bay UNAS box to a separate server & DIY desk shelf (surplus SAS backplanes are dirt cheap), and whilst it's easy to chain things together with mini-SAS HD cables, it'd be nice if I can shrink the individual disk trays by not having to stuff PSUs into them too.
>>105743878
Yeah I'm pretty hopeful, one of the main things holding it back for us is Veeam support (it's there, but not as good as hyper-v or VMware) as well as just general support, we use a DR company that does hardware mirroring, but we'd need them to be happy propping up Proxmox servers for us
>>105743896
Probably a bit overkill, but Supermicro makes boards to use some of their chassis as DASes, including IPMI and support for their standard redundant power supplies. Beyond that, it's pretty much going to need DIY
>>105743917
DIY is what I intend: don't have the depth for a full rack or I could just use surplus disc shelves (that are mostly empty space).
which one is better for your server
>>105743279
Everything (datasets and directories) is owned by user 1000 in my setup
>>105744651
I prefer RYZEN/EPYC for the CPUs and ARC for GPUs.
>>105743098 (OP)
Would it be retarded to put Seagate IronWolf Pro HDDs in my Desktop?
https://geizhals.de/seagate-ironwolf-pro-nas-hdd-rescue-12tb-st12000nt001-a2808526.html
>>105744651
Intel is better due to QuickSync
>>105744889
Get an Intel GPU, they can also do QuickSync.
>>105744876
why new tho
just get a dozen used pieces of shit and raid them
>>105744915
why would you get a dedicated card for something you can already have integrated in your CPU??
>>105744791
>>105744889
i just want a server to host my web apps and occasionally running CPU intensive apps (machine learning models)
>>105744921
Because I have just two (in numbers: 2) 3,5" Drive Slots in my PC and my 2TB drives are slowly filling up.
Case: https://geizhals.de/kolink-unity-meshbay-performance-a3098957.html
I've also contemplated doing 4x4TB 870 EVOs in RAID10 instead, but didn't get any input on if it's a good idea or just retarded a few threads ago. Then again, paying ~1100 yurobux for 8TB (usable space) seems kind of retarded without being told so, when I could get 8TB HDDs for around 372€.
But then I realized that the same IronWolf Pros as 12TBs go for 260€ each which would cost 21€ per TB instead of 24€ish / TB for the 8TBs.
I could also go with refurbished 24TB EXOS (https://www.mindfactory.de/product_info.php/24TB-Seagate-Factory-Recertified-ST24000NM000C-HD3-5Zoll-SATA3-Raid_1615598.html) for just 12,50€ per TB and 600€ all in. But 24TB are overkill for my Desktop and they have just 6 months of limited warranty compared to 5 years and 3 years data rescue on top.
>INB4 just build a NAS
It's in the works, but I need new desktop drives ASAP as well.
>>105745095
>I could also go with refurbished 24TB EXOS
depends on what you store
i moved around a few terabytes of small files recently and hdd's made me hang myself
so personally i would go either ssd for speed or huge hdd for future proofing and just hoard away whatever you want
>>105745293
>depends on what you store
Documents, Vidya, Photographs, my uni stuff, etc. Just normie shit really.
>i moved around a few terabytes of small files recently and hdd's made me hang myself
Sorry to hear.
>so personally i would go either ssd for speed or huge hdd for future proofing
I've got two SSDs that are acting as cache for the most important stuff on the HDDs so I don't really feel the performance loss (bcache for the win).
4 SSDs in RAID10 would be reading at 2GB/s which would be nice though, but not it's worth 1100 yuros nice. I think.
>and just hoard away whatever you want
The NAS is going to be my hoarding storage later on.
>>105744746
LXCs map the user and group ids to 100000+ID though, so that does not help.
i have just set every program to run with group id 100000 now, gave that group ownership of the drive and set permissions according to TRaSH guides.
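The ID shift described in the post above, worked through as an added example (not code from any poster). It assumes the usual default map for an unprivileged container (`u 0 100000 65536` / `g 0 100000 65536`); the directory owners and modes are constructed, and reading "group id 100000" as the host-side GID that container GID 0 maps to is this example's assumption.

```python
"""Unprivileged-LXC ID mapping versus POSIX permission bits (added example)."""
from typing import Iterable, List, NamedTuple, Optional

# Assumption: default idmap of an unprivileged container, in lxc.idmap syntax.
DEFAULT_IDMAP = """
u 0 100000 65536
g 0 100000 65536
"""


class MapRange(NamedTuple):
    kind: str             # "u" for UIDs, "g" for GIDs
    container_start: int
    host_start: int
    count: int


def parse_idmap(text: str) -> List[MapRange]:
    """Parse 'kind container_start host_start count' lines."""
    ranges = []
    for line in text.strip().splitlines():
        kind, c_start, h_start, count = line.split()
        if kind not in ("u", "g"):
            raise ValueError(f"unknown map kind: {kind!r}")
        ranges.append(MapRange(kind, int(c_start), int(h_start), int(count)))
    return ranges


def to_host(ranges: List[MapRange], kind: str, container_id: int) -> Optional[int]:
    """Translate an ID seen inside the container to the ID the host kernel checks."""
    for r in ranges:
        if r.kind == kind and r.container_start <= container_id < r.container_start + r.count:
            return r.host_start + (container_id - r.container_start)
    return None  # unmapped: the container cannot act as this ID at all


def access(mode: int, owner_uid: int, owner_gid: int,
           uid: Optional[int], gids: Iterable[Optional[int]]) -> str:
    """POSIX class selection: owner bits, else group bits, else other bits.

    The root bypass is deliberately left out: container root is host UID
    100000 under the map above, which is an ordinary user on the host.
    """
    if uid == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid in set(gids):
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return "".join(ch for ch, bit in zip("rwx", (4, 2, 1)) if bits & bit)


def container_access(ranges: List[MapRange], c_uid: int, c_gids: Iterable[int],
                     mode: int, owner_uid: int, owner_gid: int) -> str:
    """Access a container process gets on a bind-mounted host directory."""
    h_uid = to_host(ranges, "u", c_uid)
    h_gids = [to_host(ranges, "g", g) for g in c_gids]
    return access(mode, owner_uid, owner_gid, h_uid, h_gids)


if __name__ == "__main__":
    idmap = parse_idmap(DEFAULT_IDMAP)
    # Dataset owned by host 1000:1000, mode 0770: container UID 1000 is host 101000.
    print("ct uid 1000 on 1000:1000 0770 ->",
          repr(container_access(idmap, 1000, [1000], 0o770, 1000, 1000)))
    # Dataset group-owned by host GID 100000, setgid + 0770: container GID 0 matches.
    print("ct gid 0 on 1000:100000 2770 ->",
          repr(container_access(idmap, 1000, [0], 0o2770, 1000, 100000)))
    # Host-side (or VM/NFS) user 1000 is still the owner.
    print("host uid 1000 ->", repr(access(0o2770, 1000, 100000, 1000, [1000])))
```

Keeping "other" at 0 and granting access through one shared group keeps the dataset closed to every ID that is not deliberately mapped into that group.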
What do I need to do to make a second TrueNAS system accessible via webGUI on the same network?
Does the second one just try to go with xx.248 IP, and then go to like xx.249 if xx.248 is taken by the other one?
What if I unplug them both then power up the second one first, does that claim .248 and make the first one then have to use a second one if it's plugged in later?
I haven't really configured anything beyond the default for my old system and just used the defaults for hostname/ip but am looking for a backup server now and now I'm not sure what I need to do so they don't conflict with each other.
>>105745737
wat.
You should set them to have their own static IPs.
Hook up a monitor and HIDs, define a static IP for system 1. Then do that again for system 2.
>>105743597
>>105743554
those of you that say this have no idea about lateral movement and how it works. ARP based traffic allows a compromised device to have lateral movement inside of that same broadcast domain, no ACL on a router will do anything the only thing to protect devices in that segment would be host based firewalling. another thing, can you still hit the SVI from inside the compromised device of that VLAN? then you have lateral movement to your router. do you have a route to other devices on your network? that route facilitates all lateral movement between network segments, with only an ACL preventing any transfer of data, which is largely inadequate. do you expose your public WAN address to the public for services? then you have exposed yourself inadequately.
if you want to safely expose services you need to use either wireguard tunneling for internal services, or use a VPS cloud relay to a device existing in a DMZ routing table, which is not generally intermingled with your internal network (barring out-of-band type traffic, which is the only type of hole that should be poked).
>>105743517
don't listen to these retards. look up VRFs if you want true segmentation. you can proxy everything inbound to the DMZ segment and isolate all routing between your normal segments and it.
>>105745817
>Only externally facing devices in a VLAN
>Hurr lateral movement
Notice how I didn't once mention multi-homing those services into your actual LAN?
Also, anon, we aren't just throwing traffic from our VLANs into a L3 switch... Both of us mentioned OPNsense, which is a firewall before a router.
The VLANs are connected to completely separate firewalled interfaces on the OPNsense box in this theoretical network, there is no lateral movement.
>>105745804
I have been using one for a few years and it always used .248, I thought that was the default requested by TrueNAS or something and nothing else tried to take it so I just let it be and assumed it was fine.
I guess it looks like I was wrong and that I should figure out static IPs for these before proceeding with anything.
>>105745863
i know what OPNsense is. so you are proposing a dedicated dot1q tagged link to a device individually? because you're talking about not feeding the VLANs to a switch... individual devices aren't intended (in normal configurations) to have their adapters participate in dot1q tagging so they can communicate with an upstream SVI. it would be most prudent to do a simple point to point /30 instead, in which case your route is still available to everything in the global RIB. so, the firewall would still have routes between each segment, but it just would have a single device in the broadcast domain which protects against ARP based attacks/movement.
1. for posterity post your firewall rules and routing table here and i'll audit them live for free.
2. you should go read about ARP (i'm assuming you're moving the goalposts with what you just said) and zero trust models.
3. in your proposed configuration you are sacrificing the firewalls port density for such a point to point configuration for no good reason. there are MUCH better ways to do this.
>>105746088
>Moving goalposts
>Ignores the fact that I suggest the vlan ONLY has services that you are happy to expose to WAN
If all of the services in my "point this shit at the internet" VLAN are, well, services that I'm already pointing at the internet, what is the risk factor of lateral movement?
Yes, there are services that I don't want accessible over WAN, for these I establish a tunnel from my client to my router, and said tunnel in my trusted network segment.
>dot1q tagged link to each device individually
Sure, if you want. Basically every hypervisor supports this, fuck even docker supports this. But again, not what I was suggesting.
>>105745817
>proxy everything inbound to the DMZ segment and isolate all routing between your normal segments and it.
I went back and read your first post
Anon this is what I was suggesting, a VLAN that is separated from the rest of the network, with the only link being a completely separate firewall interface (VLAN or physical, whatever) that has firewall rules intercepting all traffic
>>105746233
>>105746310
1. your lateral movement is between your exposed devices and your north-south perimeter which has implications on your overarching east-west.
2. the hypervisor host interface isn't an individual device, it uses bridged switching fabric internally.
3. if you feed a trunk to that hypervisor with it dot1q tagged for the DMZ VLAN unmediated traffic can flow from device to device within the DMZ. that is lateral movement.
4. a VLAN is not separated from the rest of the network when you introduce routing.
5. a firewall rule doesn't intercept traffic. it takes action on traffic based on layer 4 criteria and takes no action on ARP based layer 2 traffic for broadcast domains that extend beyond it functioning in an inline capacity.
your fundamentals are off
>>105746493
Are you talking about some bullshit attack like this?
https://idafchev.github.io/blog/combining_arp_poisoning_and_ip_spoofing_to_bypass_firewalls/
>Relies on impersonating a host inside your isolated network segment that is allowed to talk to hosts outside of said segment
Alternatively, relies on your firewall rules for the interface not caring which segment the traffic is originating from
>Hey, yeah I have [trusted IP] let me through your rules
>Uh, no, being on [untrusted segment] with [trusted IP] does not meet the rules of [trusted segment]
IF: [untrusted if]
Source: [untrusted IP]
Will not evaluate some bullshit ARP spoofing where the traffic essentially looks like
IF: [untrusted if]
Source: [trusted IP]
Unless you already have a hole that allows some random untrusted host to speak to a trusted service, which, again, relies on bad network practice.
Without the very niche VLAN hopping attacks, you simply cannot change what interface you're hitting the firewall on, if that interface does not allow any IPs to pass to your trusted interface, your traffic is not getting through.
Yes, you can use ARP spoofing to appear as a different host, but if that host doesn't hit any firewall pass rules itself, it isn't getting passed by the filter.
This includes attempting to spoof a host address that matches some other interface's rules, you're still on the same interface.
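The interface-bound evaluation argued in the post above, as an added example (not from any poster and not OPNsense code): a toy first-match filter with default deny, run against a packet that arrives on the untrusted interface while claiming a trusted source IP, plus an audit that flags the misconfiguration the post calls bad practice. Interface names, addresses and rule sets are constructed.

```python
"""Toy first-match packet filter with interface-bound rules (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed lab addressing, not taken from the thread.
SEGMENTS = {"lan": "192.168.10.0/24", "dmz": "192.168.50.0/24"}
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    in_if: str   # interface the frame arrived on; the sender cannot choose this
    src: str     # source IP claimed in the header; the sender can forge this
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    in_if: Optional[str]        # None means "any interface"
    src: str
    dst: str
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.in_if is None or self.in_if == p.in_if)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


def evaluate(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; anything unmatched hits the default deny."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "block"


def audit(rules: List[Rule]) -> List[str]:
    """Flag pass rules that trust a source IP without pinning the ingress side."""
    findings = []
    for i, r in enumerate(rules):
        if r.action != "pass":
            continue
        if r.in_if is None:
            findings.append(f"rule {i}: pass rule is not bound to an interface")
        elif r.in_if in SEGMENTS and not ip_network(r.src).subnet_of(
                ip_network(SEGMENTS[r.in_if])):
            findings.append(f"rule {i}: source {r.src} is not inside {r.in_if}")
    return findings


# Rules bound to the interface the traffic must arrive on.
STRICT = [
    Rule("pass", "lan", SEGMENTS["lan"], ANY),
    Rule("block", "dmz", ANY, SEGMENTS["lan"]),
    Rule("pass", "dmz", SEGMENTS["dmz"], ANY, 443),
    Rule("pass", "wan", ANY, "192.168.50.10/32", 443),
]
# Same set, but the first rule trusts the LAN source range on any interface.
LOOSE = [Rule("pass", None, SEGMENTS["lan"], ANY)] + STRICT[1:]

# Constructed packet: sent from the DMZ segment with a forged LAN source address.
SPOOFED = Packet("dmz", "192.168.10.5", "192.168.10.20", 22)

if __name__ == "__main__":
    print("strict:", evaluate(STRICT, SPOOFED), audit(STRICT))
    print("loose: ", evaluate(LOOSE, SPOOFED), audit(LOOSE))
```

The model covers only what the filter decides for routed traffic; it says nothing about what hosts inside one broadcast domain can do to each other, which is the other half of the argument in this thread.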
>>105746744
You've still yet to give a single actual attack vector, just:
>Firewall rules are fake
>VLANs don't provide any isolation
>Yeah well ARP can bypass all of your firewall rules
The way you're speaking makes it sound like firewalls do absolutely nothing. every firewall is built with default deny rules, how is your magical ARP attack bypassing that?
>>105746744
>I will flex that I know what dot1q and VRFs are to tell anon they're doing it wrong!
>N-no don't actually ask me about an attack vector
>>105746793
go ask AI why you are stupid i'm tired of trying to teach your dunning kruger prosumer ass anything
>>105746955
>You're wrong
>No, I won't tell you why you're wrong!
It's okay anon, I'll forgive you, you got confused thinking we were talking about L3 switches and ACLs! Unfortunately you then got yourself caught up in trying to explain why firewalls aren't real :(
We still like you, don't worry! :3c
>move old torrents to new server
>radarr apparently does not support hard linking batch imports
>have to manually import 100+ movies
Are those Rosewill racks & cases on Newegg actually good?
>>105747320
>>105747359
i am dumb. do not read the previous post. please. my cat will cry (there is no cat).
Is it a meme to run gentoob or do y'all really think it is the best option
I have a truenas build that is really just a file and backup server that is occasionally used for movies over jellyfin (direct play only, no transcoding). Would I gain anything at all from upgrading it from a 5600x to a 5900/5950 since you can get them decently cheap used now, or would it be a waste of money and power/heat?
>>105743098 (OP)
>the list goes on
Can you provide the whole list? I'm looking for something to satisfy this tinker bug in my brain.
>>105747732
literally says in the next sentence
https://github.com/awesome-selfhosted/awesome-selfhosted
>>105747732
>can you list every piece of software ever please
>>105747654
not really, just max out ram if you can find a good price, ddr4 getting more expensive
>>105747914
>ddr4 getting more expensive
wait what really? how come
>>105747914
Figured, thought I'd ask anyway. I already have 64 gigs but I'll watch eBay for a cheap 128 gig set for shits and gigs I suppose.
I want a secondary way to backup/sync my saves without relying on Steam, especially for emulators and pirated games. What are my options? I was thinking using Syncthing, but it really doesn't do much in terms of backups and it's a pain to setup
>>105748852
install gentoo
>>105749053
rsync + task scheduler
>>105749053
symlink to your cloud storage folder
>>105749084
>>105748852
Install proxmox
But fr TrueNAS VMS/containers are a slapped together half finished PoS, it's not intended as a hypervisor
Install proxmox bare metal, install TrueNAS as a VM and pass it the HBA
>>105749116
wouldn't that cause a lot of issues for my storage? I thought the entire point of truenas is that it gives baremetal access to all of the apps and containers it has along with the storage. installing it into a VM would mean I'd have to kick a dedicated amount of resources to it. I am not a developer so I have no real way of predicting through experience what resources I need to give each thing, or if I'll run into situations where a single gpu in use can't be shared. is there really no bare metal solution for ZFS? I found truenas really easy to set up in that regard.
>>105749159
Nope, you're passing the entire storage controller to TrueNAS, as far as it's concerned it /is/ bare metal you give it all of your disks, let it do zfs etc and run the VMs on the proxmox host. You can even store the VMs on a "network" share from the TrueNAS vm
better yet, don't bother with truenas at all and just run zfs on the host, bare metal
>>105749177
but again, that's the thing, I am trying to avoid VM usage because I just have the one GPU to use. I know there are ways to split a gpu, but I don't foresee a lot of simultaneous use so I want to just have each app/docker tool send it stuff to do when necessary. does proxmox let anything run on bare metal like truenas appears to do?
I barely understand how to configure apps as it is or why a simple seeming one like that would fail. if I didn't want to run this thing on a server, it would have been a one click install... I've configured enough VMs to know I am not going to assign them the right resources, and if I dump everything into one singular VM, why not just find a tool like truenas that will let everything run on bare metal. I don't know enough about proxmox to know if that's possible, but if you keep saying vm I'm going to assume you mean for me to spool up a vm of debian or something and load containers in it.
>>105749194
is there a reason to do it that way?
>>105749223
Pass the GPU to an Ubuntu VM and run docker. This is all TN is doing. It's based on FreeBSD so most stuff is running in VMs on it anyway AFAIK
>>105749223
>is there a reason to do it that way?
>I've configured enough VMs to know I am not going to assign them the right resources
>>105749237
oh is he not using truenas scale
>>105749255
I'm not sure which version of TN they are using, I always forget that there's two now, is scale Debian based?
>>105749237
>freebsd
that's no longer true.
>so most stuff is running in VMs on it anyway AFAIK
I'm pretty sure that's not the case because gpu use is relying on dedicated drivers installed in the host. 25.04 killed freebsd, much to core fans ire. but Ultimately I wouldn't know the difference anyway. I'm just going to point out though, that if I wanted to spin up a vm I could very easily do that in truenas right now, I'm trying to avoid doing that.
>>105749255
I am. but the app system afaik lets you run apps in jails on the bare metal. but apps do not allow access to multiple containers, so I have to use dockge or portainer, and those didn't work either, and I have no idea how to run every container and route the IP traffic between them when they are supposed to be separated as a work around for the main apps system.
>>105749268
I believe so. iirc it has apt removed or disabled or something because of how it's intended to be used but that says to me it's probably debian based.
>>105749273
Are jails just LXCs?
I don't really understand them on proxmox, though I barely understand docker yet. Give me a VM with an OS and I know what I'm doing, containerisation is dark magic
jails are a bsd thing
and no they're pretty different to lxc
containerisation really isnt that complicated
I am even thinner on knowledge than you, I am good at big picture thinking but if it comes to understanding technical details I have to work 4 times as hard as anyone else to understand an OS. Basically a container shares only certain resources from the OS instead of the entire thing. IIRC and don't quote me on this, but I think they each have their own kernel. and I think they also are treated as having separate permissions.
I don't really understand what a jail is other than assuming it means containers. in truenas communities they are all lumped together anyway. App, jails, vms, all go in one community tab. Containerization is meant to, from what I understand, let the various apps run and deploy from a fixed set of instructions.
https://github.com/reasv/panoptikon/blob/master/docker-compose.yml
this isn't exactly a working yml because I had to build the images myself but it's pretty close to what I have, from what I understand it uses these arguments along with interior files inside the project such as the dockerfile to begin a container and adjust non default params so it can run. each main indent is a separate container so this one app uses 5 containers.
>>105749339
that makes sense, jails are just a holdover term then from a platform TN used to support.
>>105749347
based on what I am reading I am getting a lot of bad information about running docker on proxmox in anything but a VM too. it really doesn't seem like the right tool if I want to use docker on baremetal. I have to go wage, but I really hope someone with TN will consider trying this for me, it's a really useful program for anyone who uses image boards. if I could just get it working, I could pass it my GPU and get a good performance app that handles all of my images between all devices.
>>105749389
nta but try first testing the setup on one of your workstations, document and then plan ahead. There's a chance that TrueNAS isn't the right OS for the application you want to run. You might also run into other issues you're currently missing and by testing first on your local machine you'll have a better grasp of what to do before "going to production"
edit: sorry if this sounds dumb or cringe but this is how I usually do my stuff (heavily influenced by my job)
>>105749434
that doesn't really help because I've tried that. in other words, like I mentioned before, the application is a one click deploy normally. it's the containerization that's having trouble. and if truenas isn't the right system I'm basically fucked, because I have no way to run it on bare metal and give it a GPU unless I want to give it and only it the GPU. I just am hoping this HSG has people with truenas that are willing to try deploying it and posting results. you have to build the images, but if I, a total retard can do that, I figure it can't be that complicated for people to know what they're doing, but if no one wants to, they could try looking at the error rentry and see if they know what's wrong with the nginx container
https://rentry.co/urgchy6n
>>105749485
seems you're retarded, that looks like a configuration issue
>>105749485
>>105748852
Installed TrueNAS to test your shit. I know what's going on, your stupid AI slop is fucked, its default configuration doesn't work, it has fucked up folders like /logs, seems their devs are even more retarded than you (who would've thought). I made it run by doing the following:
>comment out all volumes from docker-compose.yml
>change LOGS_FILE to something like /tmp/logs from docker-compose.yml
>>105749485
Don't use docker. Stinky poopoo program.
>>105749485
NJ, Wawa is ours.
Regards, Philly.
Thoughts about Arch Linux for a home server? I don't really buy into the instability and downtime stuff. I've been running it on my personal computer for a few years now and the only things that have required my input have almost all been things that I wouldn't have on a server. I looked through the news and only found two manual interventions that I think would be relevant in the last 5 years, which is an amount of maintenance I'm willing to perform.
On the plus side though, more up to date software, so less vulnerabilities in web-facing services.
wawa
>>105750158
I use it as a daily driver but to be honest the old "MOM PACMAN BROKE MY XORG CONFIG" kind of stuff hasn't happened to me in at least a decade. it's pretty stable. still probably would just use debian for servers because I'm set in my ways
and I don't know if up to date software necessarily means more or less vulnerabilities. what if there's a vuln that's introduced in an update? iirc arch was affected by the xzutils CVE-2024-3094. got a patch quickly but I believe arch was affected while debian stable was not
>>105750121
fuck outta with your philly jawn, we have more wawas than you do
but florida has us both beat for some reason
>>105750247
I think the same with regards to stability. The wiki says it's not feasible, but I think that's perhaps outdated.
Debian is my other OS under consideration. I'm weighing up whether I can replicate proxmox to a sufficient degree with libvirt. From what I can tell it's an unusual choice so I might have less to draw from if I go with Arch, less software that people assume is available to you available to me. That kind of thing.
Generally I think it's going to mean less vulnerabilities, because vulnerabilities are normally included accidentally and unknown for a while, and then discovered later and fixed, but xz was inserted on purpose and found very quickly. The common accidental ones require edge cases to overlap and don't have a detectable trace in the author's intent, so they aren't discovered quickly.
>>105750158
It's fine ONLY if you care to always read Archlinux's notes when upgrading. If you're just doing pacman -Syu blindly then you're gonna have problems. Personal experience I was unable to updoot my lap's arch because of the goddamn firmware files
I personally like Debian in my servers because I can just apt upgrade on all of them and call it a day
>>105750331
this
shill arch on servers all you want, it doesn't become any less retarded
the packagers do not give a shit if they completely break your system with an update
>>105750280
>are normally included accidentally and unknown for a while
yeah you got a fair point. in general that seems to be what happens, and xz is kind of a unique case
can't really comment on doing proxmox things with just libvirt, but would be interested to see how that goes. the 2 things I can think of off the top that might be more complicated would be clustering and vlans. but basic virt-manager stuff is about as far as my experience with libvirt goes, though, so I really have no idea
>>105749851
>Just don't have storage
How am I supposed to give the thing files if there's no volumes Anon... ? Or do you mean just nginx? You said all though.
>>105743098 (OP)
Thinking of getting a Zimaqube, what am I in for?
https://www.zimaspace.com/products/cube-personal-cloud?utm_source=head&utm_medium=menu
>>105750060
There is not a second containerization program on offer for it. Though according to the other anon even the existing compose is broken.
>>105750607
you have to remove all volumes that map to configuration, keep the one for your data. You gotta fuck around and find out here anon, I can't spoonfeed you more unfortunately
>>105750631
Well it certainly couldn't make it any worse to try that afaik, but I'd assume it needs those other points to retain the image tags as a database.
>>105750617
>read the landing page
>"huh, sounds pretty cute"
>press buy
>12 threads
>16GB RAM
>256GB storage
>$1,099 + tip
PFFFFTTTTTT HAHAHAHHAHAHAHAHHAHA
>>105750331
They recently had a manual intervention news update. There's maybe one every 6 months or so. It's not that hard to subscribe to an RSS feed. The resolution to the current problem is clearly stated there.
I'm not advocating for arch linux for your server. If it does what you want then use it. If it doesn't then don't.
>>105750710
Well, you can expand it like mad:
6 HDDs
4 NVMe SSDs
32GB RAM
a Graphics card
Thunderbolt 4
multiple NICs
Linux / BSD support
makes an awesome homeserver
>>105750822
You can achieve much better specs & capabilities for much cheaper.
Do you guys make separate partitions for things like root and usr, or just put it all under root?
>>105750822Panoptikon anon here. My rig is an old xeon workstation with 7 SATA ports, 2 nvme 2 x16 bifurcatable pcie slots, thunderbolt 4 compatibility up to 8 slots for ram, and the whole damn thing has the same or better number of votes and only cost 250. I could only imagine paying 1099 for something if it included all of the shit I want built in.
>>105749053https://github.com/mtkennerly/ludusavi
Am I retarded or is it impossible to run stuff like Proxmox, Jellyfin, etc., over a wifi connection?
>>105743461The devs said it's not meant to be run as a hosted service. It's really only a couple steps away from an electron app.
>>105751882I'm not sure what you mean by not meant. All I see are warnings that you need to make changes if you are going to create a public instance. mine is going to stay on my local network
Before I set up btrfs on lvm-cache, I need to know what btrfs scrub would do to a read cache that's (probably) unaware of btrfs.
Would it just destroy the cache with all the reads? Would it be unable to detect corruption because it's hitting the cache and not the drive?
>>105749851 >>105750607
alright home early.
i don't know what you did but it's either a lie or you aren't doing what i am doing at all and so I am confused at what you even are trying to assert here. Removing the volumes and changing the log file does absolutely nothing.
https://rentry.co/24xcptxv
>>105752066after rereading these errors and asking around I tried removing all permission restrictions on the dataset but theres no change to the permission loop
>>105751114I put it all under root
>>105751764what makes you think wifi is a different kind of internet, besides being a zoomer
>mail server ip blacklisted because residential
I give up. any good vps providers? or should I just give up and use proton
containerization for homeserver is mental illness and this thread proves it, good luck AI image anon
>>105753035give up and use a relay
>>105750158its great honestly, I used to run it on a NUC never had any issues. then I moved to a VPS when my internet went to shit. I let the debian trannies persuade me and have been really disliking the experience.
now Im building an actual homeserver and if it weren't for nixOS really working out, I'd have gone back to arch.
>>105753035vps for just sending mail seems a little overkill, get a free smtp relay
>>105753402its not really overkill just dumb, your mail still won't get delivered without an insane amount of effort even if you set everything up right
>>105753063Containers are great for home servers since you can easily try out shit and then blow it out from an airlock if you don't like it. It can't touch any other resources on your system unless you give it access to.
>>105750158I've been using it for my home server since 2016, originally on an arm sbc no less.
I don't run anything fancy though, literally just sftp and transmission. I even use a shitty shell script to mount drives and start daemons instead of using systemd like a normal person lol.
I'm thinking of moving to a more proper setup though idk how I'd want it yet.
why is the homeserver general full of anime pictures
>>105743279
>ZFS dataset so everyone can read and write to it?
uhm. 5 permissions for files and 7 for directory in the shit?
for nfs, try using the -mapall property in zfs manager, like this: -alldirs,-mapall=80:80,-network=192.168.1.0/24
so this will map 80 to 80, in other words no matter which UID you are, you'll be 80 while remotely accessing the file. Maybe with -mapall=0:0 you'll be root and you'll have what you want. good luck
is this idea retarded:
proxmox backup server over NFS
it feels pretty retarded. this datastore is being made very slowly
maybe just do pbs locally and then sync it to my NAS monthly or something? I want backups on my NAS
>>105754065I mean of course, you can do that. Proxmox supports doing just that. Adding a NFS as a volume. Maybe you can use it as a backup system
What I do is to run a PBS VM in my NAS, the proxmox server is in a VPS
>>105743098 (OP)I thought these were Xserves from the thumbnail :(
>>105753835What do you mean?
>>105754106I definitely can do it, I've got the configs down and all, but due to the way chunkstores work it's going to be a lot of overhead for NFS. feels a little retarded
>PBS VM in my NAS, the proxmox server is in a VPS
So you pull down all the proxmox stuff from the VPS to PBS on your LAN? how do you pull the data down?
>>105750331That's all standard operating procedure for me. I have a script that prints new arch news before running an update (yay -Pwwq | tail -n 3). If the title mentions a package I use, I read it and do the steps. I checked all the news items from the last 5 years and none of them were going to be an issue for me.
I have an update script that runs semi-automatically after I launch it from my bar. I'll probably set up something on the server that reports to my personal computer in a similar way and run the update over SSH.
What problems did you have with the firmware? I ran the commands they suggested and it was a normal upgrade after that, but I can see how there might have been edge cases.
>>105753098Interesting to hear. It's good to get some actual experience weighing in rather than people just theorising about breakages (or lack thereof).
For a minute yesterday I was back on the idea of using Debian, because ZFS is a real pain to use on Arch, but on reading more I think SnapRAID is actually a much better fit for my use case anyway. I wouldn't use Arch if I wanted ZFS because it's difficult to keep the kernel and ZFS package in sync, so you have to skip upgrading both until they line up. I know there are pinned kernel solutions though.
I did consider NixOS too, but I have enough new things to learn for this project that I'll probably stick with Arch just to facilitate it actually getting done. Seems like it would work great though.
>>105753617I'm going to keep my base system simple too. Just virtualisation software and media server (so I don't have to do GPU passthrough and I can keep the performance) and some other bare basics on my host, and the rest I'll keep virtualised so I don't have to worry about dependencies, which I could see being an issue otherwise.
>>105750442I'll report back if I go that route in the end, which is looking likely.
I made sure to look into what I'm missing by not using proxmox, and there certainly are some "nice to have features", but after assessing them I don't think they are features I would actually need. I don't want clustering at this time. If I did, I can see how proxmox would help.
>>105752066try removing the containers and rebuilding again, I was able to get nginx up but my vm ran out of storage so I just ditched it
You're gonna make me deploy the fucking thing. Once I fully spoonfeed you I'm gonna go and fuck ur sister in the ass
>>105753835you're asking this in a gay anime imageboard
are you retarded or what
>>105743098 (OP)
>H12ssl-i
>Epyc 7402
>4x 32GB 3200 ecc ddr4 rdimm
>Asus hyper m.2 x16 gen5 (it was cheaper than the gen4 one)
>4x samsung 990 pro 2TB
>Quadro RTX 4000
>2x Intel Optane 905p 1.5TB
>Intel x540-T2 10GbE
>2x Innodisk 64GB SATADOM
>7x Seagate exos x20 20TB HDD
>6x 140mm fans (run 100% 24/7. The noise isn't even bad.)
200 watts at "idle". Hosting services with Proxmox in 5 vms, but not using any of them.
Guys let's make a wireguard network and add each other and do cool LAN stuff together
I posted in a previous thread and an anon suggested it could be my cpu that was degraded. well, I changed the cpu and resat the ram, but I still seem to be getting these hardware errors.
I'm starting to believe it's the motherboard that is messed up. what are the chances it messes up the data on my zfs pools?
>>105755629try with different ram
>what are the chances it messes up the data on my zfs pools?
unlikely, zfs is designed to prevent this
>>105755648
>try with different ram
I was hoping to keep my current ram since it's ecc, but I'll run it for a few days with some crucial dimms I have laying around. maybe running a memtest for a few hours wouldn't be too bad either
>>105755701did you memtest, disable any OC and run everything at base voltage?
>>105755608sounds good ivan iwan ivanow
>>105755484
>200 watts not doing anything
>10% of that is fans trying to cool the other 90%
lmao
>>105755608i spot with my little eyes: a glowie
>>105755742I haven't run memtest yet since I assumed it would be the cpu (it's always cpu 1 reporting the error). on the cpu, amd pbo is disabled and running in eco mode (45w). I never messed with the voltages, but I did change the memory to 3200mt since it keeps defaulting to 2400mt
>>105751764As in, server connected to the same WIFI AP?
WiFi is half duplex, and unless you have something with a lot of Tx/Rx streams, stuff like airtime fairness will kick in and annihilate the connection even more.
>>105753035tfw my IP is technically a commercial IP and not blacklisted
>>105755484What are you using the optane drives for? Your VM disks?
>>105755608I unironically want to do this with some friends
Host some little micro-services on proxmox with all nodes being a replica of eachother in terms of storage and hardware, let the VMs just shuffle around if one/multiple nodes go down
>>105755792nah i just wanna play lan games and listen to each other's music and tinker with cool repos hosted on our gits
basically a wireguard slumber party
>>105755888
>my IP is technically a commercial IP and not blacklisted
doesnt matter, deliverability will still be dogshit
>>105755770The motherboard doesn't handle consumer fans well, and will ramp them up and down. Locking them at 100% solves this and isn't audible with the ac going anyways. Maybe I'll look for a more elegant solution one day.
>>105756056Exactly this desu
Imageboards, file storage, chat apps, game servers
Without having to deal with excessive anti-spam and security
>Upgrade to 24TBs for everything including backups
>Have bunch of 8TBs and 4TBs now that will have no use anymore once everything is migrated to the new storage
15x8TB
8x4TB
What does /hsg/ recommend for this?
Splitting data up to fit on smaller drives is a pain in the ass and is why I went with 24TBs in the first place but maybe it's time to consider something like Unraid for mixing small drives into another occasional backup?
>>105756907Filehosting website
Thinking of running linux on my jailbroken PS4 to use as a home server. Thoughts?
>>105757368I am thinking.
>>105757403The worst it can do is go wrong. Go for it.
>>105756945I mean what they're used for might vary and hosting some things could be neat, but more generally speaking, what should they even go inside?
They're soon to be homeless (or bayless) for now and destined for a pelican case as I have no systems that can house them at the moment.
They're getting evicted and will just be bare drives soon. That is my issue.
>>105757409I'm interested to see whether it'll support virtualisation (docker images). Gotta read up again on the whole process to get it running first though.
I've been mulling over what to use for a server for a couple weeks now; checking prices of raspberry pis, NAS, some used PCs. Then this idea hit me. Pretty excited to try it now actually.
I love this hobby bros.
>>105757524
>interested to see whether it'll support virtualisation (docker images)
docker isnt virtualisation. its containerisation, which uses standard features of the kernel and doesnt require any special firmware.
retard.
>>105757556Even better, no reason why it shouldn't work then. I just thought I remembered a few years back needing to enable virtualisation in the bios to get docker running. Please understand.
>>105757368 >>105757524
Sounds nice on paper but in reality it will suck ass.
What would be best way to deliver photos from android phone to an android emulator running on my PC?
The objective is to spoof Pixel 1 on the emulator and upload photos to Google's cloud without limit.
>>105758257>asking /hsg/ how to store photos on jewgle>not self hosting Immich instead
>>105758832Can Immich find me a photo of Tuscan pasta if I type "Pici" in the search bar?
>>105758259Looks promising.
Is there a way to sync files "one way" and flagged internally as already sent? By that I mean send files from my phone to the PC and not reupload them if deleted there? Not a deal-breaker, but It would be nice not to worry if the emulator finished sending them over to Google.
>>105758989
>Is there a way to sync files "one way" and flagged internally as already sent?
Yes, just look at the docs
>>105759001By your response I assume it's possible.
Will do!
>>105758989
>Can Immich find me a photo of Tuscan pasta if I type "Pici" in the search bar?
i don't know if it's that granular. but searching for "pasta" should work
>>105759328Tried demo available here: https://demo.immich.app/photos and it's shit.
But looks like a nice alternative otherwise (deal-breaker for me though).
>>105743098 (OP)Just finished this...
p520
-Xeon 2135
-5700xt
-64gb ddr4
-25tb of storage
Runs my plex server and lets me play modern games @2k, med, 120fps while costing me under $600 in total cost..
>>105755421I was able to also get nginx up but it seems, as i said, locked behind permissions for the others for no perceivable reason, also this attempt was after i already A removed all of the relevant containers manually in the shell and then also B had already set supposedly the entire dataset I was in to open permissions. basically, afaik i had already done that before you made your post sadly.
>>105759426nice my build is similar, mine also came with no bays in front but I made it work, and added 3 more up top.
every row though is filled with a single slot card of some kind such as gpu, ssd, thunderbolt,
I had a dedicated backplane for them but the thing failed and died so I just ripped it off for the 5 inch bays. people kvetch over wattage but this thing uses like 50 watts only. compared to a threadripper workstation the heat output is nothing.
>>105757368I have done this. if you are new to linux DONT nothing will work it will throw error after error, no tutorials will work, and honestly it prepared me for how much of a shit show linux is and I don't really like using it when theres a problem the usual go to answer is >fix your kernel
guess what you cant do on a ps4?
>>105753587This. I like using VM's on Truenas to learn new OS's, play around with shit, and if I fuck anything up, I just nuke from orbit and try again.
>>105759948
>just nuke from orbit and try again
How is this different from a regular vm
>>105755484servethehome forums user spotted
>>105760058hmm? even my ancient xeon uses optane thoughever.
In docker/podman, if I create a container with restart until stopped policy.
If I manually stop and start it back again, would it follow the restart policy? or just stop if it crashes?
>https://protonvpn.com/support/socks5
Is there a way to run protonvpn or any other VPN in a container and expose a proxy (HTTP/SOCKS) to use with other applications/containers?
Any idea how to self host something like browsling?
>web browser running inside a web browser with very restricted access to host resources and all data get deleted after restart with a way to pick different browsers/version.
>>105760170it will restart the container if it stops for any reason other than being explicitly told to stop.
anything else would be insanely dumb
>>105760197Install OPNsense -> connect to VPN -> host proxy?
I never really played around with proxies much, you could probably do this easily without OPNsense, but I'm a shill so I must shill
>>105760197just make a container with vpn client and dante/privoxy/whatever proxy daemon
i imagine someone has probably done it already
>>105760945why the fuck would you install OPNsense just to set up a proxy
>>105757368Bro just flip it for a optiplex
Learn2flip on localmarkets
a man came and left an entire pallet of skylake prodesks outside my door last week
i want to make a massive cluster from them but i'd need to call an electrician first...
>>105761408i dont know if you are aware of this but big globohomo requires ID to flip now only jeets and a few useless stubborn fags like me still use CL
>>105760043Less overhead.
I just want to turn an old PC into a storage server to keep my videos, game installers, etc., will using TrueNAS wipe anything other than the 128GB SSD OS drive I plan to use? Currently have about 10TB of HDDs but they're not empty, and would like to keep the data already on them
>>105762185if you made a zfs pool from that single pool and exported it then you can import in truenas scale
but since you obviously didn't do that then no. zfs doesn't give a fuck about what's on your drive.
>>105762271Haven't done anything yet, waiting on a new board to arrive (old one was fried but got a cheap one to replace), should I stick with TrueNAS if all I want is to have a network disk that doesn't really need a bunch of redundance and snapshotting etc., or should I go for a simpler option?
>>105762282if you're plugging them into a linux host then you just use the built in nfs server and the filesystem doesn't matter.
>>105760170The container options can't be changed once you make it. If your option is restart unless stopped it will restart every time unless you stop it
I just collected a fiberchannel san and a 4 node 2u cluster with 3 populated.
all hardware is broadwell era
what do
>>105743279you could also use zfs delegations for more flexible control over permissions
Is it possible and worth it to turn an ix2-dl into a web server?
I found this guide that might work for putting linux on it.
https://minaret.biz/tips/ix2/index.html
>>105759948
>learn new OS's
thats what your workstation is for, why are you tainting your server
>>105761213
>just make a container with vpn client and dante/privoxy/whatever proxy daemon
>i imagine someone has probably done it already
Is there?
I couldn't find any.
I don't want to channel my whole traffic through VPN when it's just a way to bypass geoblock or to torrent safely.
>>105761213
>why the fuck would you install OPNsense just to set up a proxy
I literally said I'm an OPNsense shill and there's probably a better way anon
>>105762442Download porn
Install solar panels
Run proxmox
>>105763549https://github.com/HaruVON/proton-socks5
https://github.com/whyvl/wireproxy
https://github.com/curve25519xsalsa20poly1305/docker-wireguard-socks5
Where is the best place to ask about "prosumer" networking stuff? I want essentially the best normie consumer router and NAS. Whenever I try to research it the suggestions are always either
>No you fucking idiot you need to hardwire your entire house but not CAT5 you need CAT7lgbtq+ oh and you need a 20 bay NAS with more processing power and RAM than all the devices in your household combined otherwise you'll regret it later
Or
>Just use your ISP router and plug USB storage in the back lol
>>105764569the problem is its all shit and gimped in some way
generally openwrt is your best bet if you dont want to bother with opnsense or rolling your own soft router.
https://one.openwrt.org
for NAS go with asustor and install truenas.
>>105764554
>https://github.com/HaruVON/proton-socks5
Thanks man.
This is exactly what I needed.
Though this exposes an http proxy, I thought SOCKS isn't the same as http?
Also what's the difference to using wireguard container?
>>105753035Probably depends on what kind of needs you have for email but you could look into using something like Mailgun or AWS SES. Those at least have decent reputations and won't get instablocked.
i'll ask again. what is going on with those refurb 28tb exos drives that are being sold?
Is there a way to make jellyfin not show duplicates?
>>105765033Something's going on with them apart from being refurbs?
>>105755629memtest has been running for almost a day and no errors. maybe reseating the ram again fixed my issue
>>105766017don't forget to pass an eraser to the ram pins to clean, it does wonders
If RAID is just a high availability solution, what do homelabers use for backing up their data?
>>105766147I have a Synology so Hyper Backup (rsync) to an external connected to my main PC. Then I have Backblaze for my main PC.
Is there any reason to virtualize TrueNAS instead of just installing cockpit directly onto Proxmox?
TrueNAS
>No HA support for VMs
>General VM experience nowhere near as good as Proxmox
Proxmox
>No nice UI for managing datasets, status, dashboarding etc
>No UI at all for ZFS with more in-depth features like L2ARC etc
Proxmox and TrueNAS Scale are both Debian based, why is there no good combination of the two? Let Proxmox handle the hardware and VMs/LXCs, let TrueNAS handle the disks, network shares and ZFS
>Inb4 do it yourself
no, I'm stupid
I feel like I'm just adding another barrier by virtualizing TrueNAS, despite being on the same hardware, you need to mount storage as a network share, it seems stupid for a single system.
In the end I'll probably just end up with a Proxmox box that is mostly dedicated to TrueNAS with some other small VMs, and a Proxmox box that is dedicated to more powerful services.
>>105766147I backup to another device on my network with rsync, but I was thinking about getting a backblaze subscription to back up important stuff like family photos and documents and other stuff I really can't lose. basically what
>>105766157 said
>>105766157Do you just backup files to backblaze as they are or is there any sort of encryption, i.e. backblaze has no way of seeing what you're backing up?
>>105766147Pbs. I don't store anything besides programs on my pc.
>>105766180everything i heard about proxmox says docker containers suck ass there outside of true vms
>>105766210The Backblaze client has an optional end-to-end encryption option.
>>105766188Seems like a good solution though 99 dollars per year is a significant amount of money for a third worlder. Maybe there's some local equivalent cloud storage for less money though I kinda doubt it.
>>105766147hetzner storage box
>>105766232Once you get to a large number of files, the $99/year is an absolute steal compared to other storage/backup solutions. I have about 21 TB backed up there and I doubt that they're making profit off of me.
It's people like my grandma, who have like some tens of gigabytes of data, who are subsidizing my data hoarding habits.
>>105766232I've done a bit of research but I haven't really found anything at a better price. I think they say like $6 USD a month for 1TB with 3x egress for free. you really don't get much better than that from what I've seen
>>105766147Cloud storage if you only have a few TB, beyond that you'll need tape.
>>105766276
3-2-1 with tape is somewhere between pain in the ass and near impossible.
>>105766180Don't even bother with proxmox
>>105766180
>why is there no good combination of the two?
Because they serve different purposes. In the enterprise world you should have your storage (TrueNAS) separated from your virtualization environments (Proxmox). While you could virtualize TrueNAS it certainly isn't optimal
>>105760232That's pretty nice concept.
How is it different from firefox containers though?
>>105766281Tape storage services are the way to go. When you cross beyond 100-200TB there's almost no way around tape. At the point where you'd be mirroring two dozen 20TB HDDs to another offsite location it just isn't feasible anymore unless you live in Switzerland and can get one of those 40G fibre contracts.
>>105766326You don't necessarily need a high upload link if the delta is fairly small. You can just seed the initial backup over a local network and then install the server in an offsite location.
Noticed these guys have been getting extremely cheap used, is it worth getting these as boot drive for something like proxmox due to less chance of data corruption in case of a power out?
>>105766180Seems to me that virtualizing truenas is just a simpler (if you're not using pcie passthrough), lazier and less efficient way of doing things.
Turning proxmox into a NAS is probably the most efficient way of doing things but it's kind of a pain. But then again the whole idea of using linux is inherently a pain since you dive much deeper into the system's functionality so maybe that's sorta part of the whole experience and also to be expected.
Hello anons, I had an old pc and was waiting for summer to return home from college such that I could start doing a home server with it
I've got a pretty old intel cpu from 2012 and just 500gb sata ssd, all considering im just doing it to learn new things! I've set just debian so far and Im probably not going to run it 24/7 so im going to setup something to awake it from a poweroff state and was considering either jellyfin or plex (jellyfin because opensource?) + some NAS (samba because ppl have windows and mac in my house). I just want to run it LAN because im pretty scared of opening any ports to the internet and make it remotely accessible until I dont get all the basics right, and also I really dont need to access it remotely as it does not have the best hardware to run cheap anyways (or much storage).
What other services could I add that are new user friendly? The list is huge in the links provided so I just gave up.
>>105766596If you have the M.2 slots they are otherwise perfect as boot media.
Cheaper than a sata DOM and will never wear out
>>105766762If you're unwilling to set up samba in the terminal then maybe you should just install windows to do your share, or get a prebuilt. Sure Truenas has a nice ui, but it's not simple.
>>105766964I'm also considering using two of these for a small ZFS pool I'm considering doing, maybe trying two of these guys out in raid 1 for the metadata special device part of the pool.
They're currently so cheap that even if it turns out that they make the pool slower, I wouldn't feel guilty for wasting the 20 or so dollars I would have paid for them.
>>105766820
>something to awake it from a poweroff state
you can use wake on lan for this as long as your motherboard supports it
>jellyfin
jellyfin is a good choice, I like it
>im pretty scared of opening any ports to the internet
good
proxmox is really good to get familiar with and will give you lots of options to build things. you can run a VM on proxmox for jellyfin, for example. and proxmox is built on a modified version of debian which is nice. so if I was you I'd ditch debian and just run proxmox, then make VMs for your things you want to run
>>105759835
>5700xt why
Because it was $140 shipped and plays cyberpunk with mods @2k, high settings 80+fps and Pubg @2k Med 140fps.
>>105759849I 3d printed an upper bay for mine, allowed me to add 2 3.5 drives and an 80mm fan.
>>105759426Why is the anime girl sideways?
>>105767348Entire picture is sideways...idk why.
>>105767357because the orientation is determined by the gyro when you take the pic
Has /g/ ever used their homelab skillz at work or to make any money?
I work with automation and understanding ethernet and tcp/ip has made me stand out (a bit) among my peers since it seems like most people in the industry have no idea how this crap works.
>>105767049so the way to go is using ufw and blocking everything that is not inside the subnet and make rules that open only the ports on the subnet for the various services? This is the way I went, bash me if im retarded
>>105767469
>Has /g/ ever used their homelab skillz at work or to make any money?
Yes, me.
>Built my network around Linux
>Built some java bots for my homeserver
Those skills led me to a remote QA job where I built java automated tests and also managed the lower servers that were running Linux
>>105766596Just saw a guy on a local forum had one of these die on him. No flash wear doesn't mean it can't just up and die for no reason, like how most consumer SSDs die anyway.
Would only use these as read cache.
>>105767474yep that's a good start. that's pretty much what you do if you don't have a managed switch that can do VLANs
if you are exposing ports, you should have exposed stuff on its own subnet/VLAN and deny outbound traffic to the other subnets/VLANs. that way, if someone gets in, they can't get into your regular LAN
VLANs tend to be a bit more elegant but you need the proper hardware to make it work
>>105767469I do every day. I'm basically a glorified sysadmin
when I show people how I can tunnel RDP over SSH they're like "whoaaaaaaaaaaaaaa"
pretty crazy how little people know about the things they can do on the networks they operate. keeps me employed though so I can't complain
Should I get a Fractal Design Node 804 or a Logic Case 4U? It's my first build, and whilst rack-mountable for future would be nice, I'm only thinking potentially rackmount so I have the option.
>>105759873This was a worry. My main PC is running linux, but I imagine there's a lot of fuckery to get the PS4 kernel & drivers to a 'stable' state.
jbod
How old is too old
>>105768505Don't go 2.5"
Single disk capacity sucks, and to get any form of modern capacity you'll need to fully load it
If I have a bunch of services with a web UI and I want to put them all behind one url what do I use?
Bonus if I don't have to manually log in to each of them.
>>105768598eh, they're more silent and take less watts tho
>>105768754nta but 2.5" spinning rust is not worth it, either get 2.5" fast ssd or 3.5" big hdd
>>105768754Okay, but consider the max 2.5" HDD you can get (that isn't SMR) is about 2TB (and they're EXPENSIVE) you need 10 of them (2-6w each spitballing) to match a single 20TB 3.5" drive (5-10w)
So for 20TB you're using 20-60w vs 5-10w
Also, they aren't that much quieter.
Don't do it anon.
>>105768729A reverse proxy gives you the service.domain.com, you can do SSL termination too, so your browser will be less picky about keeping you logged in and remembering passwords.
Alternatively, homarr can be set up with IPs (or hostnames) as well as (for some services) API keys and credentials to log you in automatically.
>>105768808what if he replaced the 2.5" HDDs with SSDs?
I had my home internet go down for few hours yesterday, and now it's working fine.
I'm sure it's my ISP problem since
>I can't access the internet (hostname not resolved error)
>Can still access my ISP website
>Can access the internet when using cloudflare warp or use VPN
How can I troubleshoot the exact cause?
>>105768869Well, yeah, you can. It's equally pointless, high capacity SATA/SAS SSDs are still incredibly expensive. You won't benefit from cramming it full in terms of speed, either, since it's a 6Gb/s DAS IIRC
Sure, you could stick 25x 1TB (or 2, 4, 8) SSDs in there, you'll end up with 25-50TB of raw storage for the price of 80-200TB of storage with 3.5" drives.
>>105766147
2 identical disks running zfs.
Zfs snapshot via sanoid/syncoid to the other one.
Backrest with cloud storage for important documents and photos.
>>105768909Change your router's DNS to 9.9.9.9 or 1.1.1.1, if it works your ISP had a DNS outage.
>>105768909you troubleshooted everything but your actual network
can you log in the switches and routers? do they have logs?
>>105768909if it's working now it'll be a bit hard to troubleshoot. but if hostnames weren't getting resolved it sounds like a DNS issue, especially since VPN was working
don't know much about cloudflare warp but it sounds like it does some DNS fuckery
my money is on DNS
>>105768909More like >>>/g/sqt/
Your ISP's DNS server went down but the gateways were still functional, that's why you were able to access through VPN. The easy way to know is to ping a known IP address like Cloudflare's 1.1.1.1 or Google's 8.8.8.8. If you're able to ping then the ISP's DNS is down. An easy fix is to set your network connection's DNS to said IP's.
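The check suggested in the replies above (reach a known IP, then compare resolvers), written out as an added example that is not part of any post in the thread: it separates a dead configured resolver from a routing outage, and also covers the case where literal IPs fail too. The test name `example.com`, the TCP probe to port 443 on 1.1.1.1 (used instead of ICMP ping so no root is needed) and the verdict names are assumptions of this sketch.

```python
"""Tell a resolver outage apart from a routing outage (added example)."""
import secrets
import socket
import struct

PUBLIC_RESOLVER = "1.1.1.1"  # resolver named in the thread
TEST_NAME = "example.com"    # assumption: any stable public name will do


def ip_reachable(ip=PUBLIC_RESOLVER, port=443, timeout=3.0):
    """TCP connect to a literal IP, so no name lookup is involved."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def system_resolves(name=TEST_NAME):
    """Ask whatever resolver the OS is configured with (usually the ISP's)."""
    try:
        return bool(socket.getaddrinfo(name, None))
    except OSError:
        return False


def build_query(name, qid):
    """Encode a minimal DNS A-record query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(part)]) + part.encode("ascii") for part in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def response_has_answer(packet, qid):
    """True only for a reply with our query ID, RCODE 0 and at least one answer."""
    if len(packet) < 12:
        return False
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    is_response = bool(flags & 0x8000)
    rcode = flags & 0x000F
    return rid == qid and is_response and rcode == 0 and ancount > 0


def public_resolves(name=TEST_NAME, resolver=PUBLIC_RESOLVER, timeout=3.0):
    """Send the query straight to a public resolver, bypassing the OS settings."""
    qid = secrets.randbelow(0x10000)  # random ID; a mismatched reply is ignored
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, qid), (resolver, 53))
            packet, _ = sock.recvfrom(512)
        except OSError:
            return False
    return response_has_answer(packet, qid)


ADVICE = {
    "ok": "names resolve and literal IPs are reachable",
    "resolver-down": "configured resolver fails but a public one answers: change DNS",
    "dns-blocked": "IPs reachable but no resolver answers: port 53 filtered or hijacked",
    "routing": "literal IPs unreachable: changing DNS will not help, check upstream",
    "partial": "mixed results: suspect cached answers or filtered ports, retest",
}


def classify(ip_ok, system_dns_ok, public_dns_ok):
    """Map the three probe results to one of the ADVICE keys."""
    if ip_ok and system_dns_ok:
        return "ok"
    if not ip_ok and not public_dns_ok:
        return "routing"
    if not system_dns_ok:
        return "resolver-down" if public_dns_ok else "dns-blocked"
    return "partial"


if __name__ == "__main__":
    results = (ip_reachable(), system_resolves(), public_resolves())
    verdict = classify(*results)
    print("ip=%s system_dns=%s public_dns=%s" % results)
    print(verdict + ": " + ADVICE[verdict])
```

Run it while the outage is happening; once the connection has recovered every probe passes and the verdict is simply `ok`.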
>>105768946But then how could vpn work then?
>>105768953
>you troubleshooted everything but your actual network
I don't need to.
>>105768955
>if it's working now it'll be a bit hard to troubleshoot
Yeah I'm sure it was DNS related but if it is so, then why I could access the ISP website?
I tried switching to different DNS and didn't work.
>>105768957I tried pinging and tracerouting
pinging the IP directly and it didn't work, however the ISP website did.
Same for tracerouting.
And I thought this would have the best answers instead of /sqt/ since it's not stupid and many people here are versed in networking.
>>105768598 >>105768807
im more asking about the enclosure
>>105769121
It depends what VPN you're using, the VPN will not care about DNS if you're using an IP address as the endpoint, and whatever that endpoint is might also be providing DNS
Your ISP's website DNS records might be on their DNS server, if it was a forwarding issue past that, their website will work, anything else won't. It is odd though, I will admit.
It could also have been a routing issue, you could reach your ISP, but upstream routing from them might have been fucked, that wouldn't explain the VPN though.
>>105769136
The enclosure is a 2.5" drive shelf, that's all it does, so 2.5" drives = bad = don't get a 2.5" drive shelf.
>>105769121
>you troubleshooted everything but your actual network
>I don't need to.
How do you know?
>>105769121
First provide more information you dipshit. How can we know what's happening inside your shitty pajeet-tier ISP. And yes, /hsg/ is versed in networking, most of us agreed it's a DNS problem with the info you gave us.
>>105769121
>why I could access the ISP website?
that's what I was wondering too. simplest idea is that maybe there was a cached record somewhere? hard to know without knowing how your DNS is set up
>>105769206
>First provide more information you dipshit.
I wish I could, but I don't know.
That's what I'm asking.
I did the little things I know like traceroute and ping, what else to do?
>>105769249
yeah man.
I know there's some sort of block on some sites, some can be bypassed with switching DNS other need VPN.
So it's shitty ISP for granted.
>how your DNS is set up
I know, my browser is set to use cloudflare with DoH, the other get the DNS from ISP.
>cached record somewhere
Then shouldn't the most used domain be resolved?
>>105769314
>Then shouldn't the most used domain be resolved?
if you're getting DNS from your ISP there's no telling what they do. they might not even cache records
but it sounds to me like your ISP had some kind of upstream DNS outage. maybe they have records for their sites, but don't cache upstream records. hard to know for sure
either way probably just better to configure your DNS server with 1.1.1.1, 9.9.9.9, or 8.8.8.8
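The checks suggested in the DNS replies above, split so that each one can fail independently (IP reachability, the system resolver, and a query sent straight to a public resolver). This is an added example, not code from any poster; the targets 1.1.1.1 and example.com, the TCP port 443 reachability test standing in for ping, and all function names are assumptions.

```python
import socket
import struct
import sys

TXID = 0x1234  # arbitrary query id, constructed for this example


def build_query(name, txid=TXID):
    """Minimal DNS A-record query (RFC 1035 wire format), recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def response_ok(packet, txid=TXID):
    """True only for a reply to our id with RCODE 0 and at least one answer."""
    if len(packet) < 12:
        return False
    rid, flags, _qd, ancount = struct.unpack("!HHHH", packet[:8])
    return rid == txid and bool(flags & 0x8000) and (flags & 0x000F) == 0 and ancount > 0


def ask_resolver(server, name, timeout=3.0):
    """Query `server` directly over UDP/53, bypassing the system resolver."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(512)
        except OSError:  # timeout, unreachable network, refused
            return False
    return response_ok(data)


def system_resolves(name):
    """Resolve through whatever resolver the OS is configured to use."""
    try:
        socket.getaddrinfo(name, 80)
        return True
    except socket.gaierror:
        return False


def ip_reachable(ip, port=443, timeout=3.0):
    """TCP connect to an IP literal, so no DNS lookup is involved."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def classify(reach_ip, system_dns, direct_dns):
    if system_dns:
        return "system resolver answers: no DNS fault right now"
    if direct_dns:
        return "configured resolver fails, public resolver answers: resolver outage"
    if reach_ip:
        return "IP traffic passes but direct DNS fails: port 53 blocked or intercepted"
    return "no IP reachability past the ISP: routing fault, changing DNS will not help"


if __name__ == "__main__":
    name = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    print(classify(ip_reachable("1.1.1.1"), system_resolves(name),
                   ask_resolver("1.1.1.1", name)))
```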
I got a dumb ass question. I currently have a home server running manjaro on which I host jellyfin and a couple of docker images for my telegram bots. This is on a mini PC behind my TV: the idea was to use it as a home theater pc and control it with KDE connect. It works OK but it's not really that comfortable to use from the couch, so I rarely use it that way.
I was thinking of putting something like casaOS or similar operating system on it, but I wonder how it works with HDMI output. I couldn't find much on the internet, but it seems like the main interface is meant to be accessed by other computers through the web interface: what is displayed through the HDMI? and how can I control it from the couch, for example to run the jellyfin client as I would through firefox on my current one?
still kinda new to this stuff, hope it's comprehensible
>>105769831
>couple of docker images for my telegram bots
Like what?
>what is displayed through the HDMI?
KDE?
casaos is just a fancy web application
Is there a booru software, or a plugin for one, that has the ability to download on demand from a website (another booru or an art gallery site), and also automatically tag it (simply by ripping the relevant metadata from the source)?
>>105766228 >>105766282 >>105766283 >>105766762 >>105767032
I looked a bit more into how proxmox handles ZFS and it seems (almost) as simple as TrueNAS, so I'm probably going to ditch TrueNAS altogether. Bind mounting LXCs to the ZFS pool is way easier and simpler than having to set up NFS shares for them, and should be more performant too.
To the docker anon, I currently run a docker host in proxmox anyway using a VM, but I'll probably switch that to a debian LXC so I can again just bind mount stuff directly to the ZFS pool, same for file shares, either a turnkey Linux NAS, or something like cockpit.
The things that are using my big ZFS pool can't be HA anyway as the pool isn't HA, but for other services I can make them HA if I need to quite easily.
It also means that I don't have to:
A. Carve out a chunk of ram for the TrueNAS VM that might not be needed all the time (I wouldn't want to balloon ram for TrueNAS)
B. Lose out on an entire HBA for the sake of the 4 drives that TrueNAS is using
C. Deal with TrueNAS's terrible "app" support
D. Deal with TrueNAS in general
I would already have to manage ZFS pools on my proxmox hosts anyway for proper compatibility (ZFS over iSCSI is terrible, NFS doesn't support snapshots etc) so it really seems pointless to use an entire TrueNAS VM /just/ to manage a single ZFS pool
>>105769831
I have a BT keyboard connected and use it like a normal PC.
My home server runs a VM with a GPU and USB passthrough.
>>105767890
What is an alternative for a cheap drive in that format that you can just hammer with writes?
>>105771541
Used enterprise ssds?
>>105771541
The other guy was kinda just free balling it, yes all drives can die, but optane is still king for pure write endurance.
Look at something like a P4801x, they do 100GB and 375GB versions, all with stupid high write endurance.
Other than that, as
>>105771671 said, most enterprise SSDs will have more than a couple PBW of write endurance.
>>105770762
I'm in the process of reading up on nas solutions and I am currently leaning on using proxmox as a NAS because it's going to be a good way of learning about configuring storage solutions on linux and that'll probably be useful in the future if my zfs pool goes to shit.
I'd wager it's easier to troubleshoot if you have a bit of an understanding instead of knowing almost nothing.
>>105771695
Some big youtubers have been using used enterprise ssds and they generally say they haven't had problems with them. Not sure if i'd trust these drives with important data though.
>>105771701
Yeah proxmox seems to have way better documentation than TrueNAS, and the TrueNAS community just seems terrible to have to deal with. TrueNAS (the reason I don't like it) is kinda a "here's some sliders and drop downs, just do X, Y, Z, don't worry about what's going on under the hood"
Also, fuck HexOS and iX systems.
Fuck HexOS for being a scam, fuck iX for backing them, and fuck that company working on ZFS AnyRaid as an "open source" project with absolutely zero info available (fuck HexOS for encouraging that behaviour)
>>105771739
Generally, with NVMe and newer SAS SSDs, they're getting cycled out for capacity/scale reasons way before their actual lifetime is up, I got a great deal on a Micron 7400 pro and a Samsung PM1735 and so far they've been flawless
Any point in getting intel lan cards instead of realtek ones for linux systems? I understand realtek lacks support on freebsd but on linux it appears they work just fine and are half as cheap as intel cards.
>>105771739
>they're getting cycled out for capacity/scale reasons way before their actual lifetime is up
Makes sense. Maybe i'll give these enterprise drives a try some day, just need to find a use case for it.
>>105766596
if you're worried about data corruption then get a ups
>>105771772
>Any point in getting intel lan cards instead of realtek ones for linux systems?
Nope, just go for it. Never had an issue with Realtek ethernet cards
>>105771772
Meant to post this picture.
>>105771793
I do have one, it's just that i'm lazy and only end up noticing the battery has gone kaput after my computers stop working during a blackout so I'd rather have something that would compensate for my laziness.
If only lead acid batteries didn't last so little or if there were lithium batteries for UPSs for a reasonable price.
So what's in store for the next couple of years for a set of drives that have 55-71K hours on them?
The counter resets at 60K
I feel like I'm in uncharted territory
>>105771828
The UPS will beep at you when the battery is dead, or it should
>>105771828
my apc ups has a USB interface for monitoring and it beeps super loud when the batteries are dead, in addition to all the email notifications I set up
I bought it used and replaced the batteries once. The batteries were probably the same price as the unit with batteries itself. Probably had it for 6 years now
>>105772013
It should beep when they're draining.
>>105771772
hw offloading
but you dont need that or you wouldnt be asking
>>105772013 >>105772248
I have two different APC UPS', the better one does beep at me like crazy when the batteries go bad but the ultra cheap one doesn't and that's the one I use on my "server" (a 1L pc).
Maybe I should give that linux UPS monitoring app a try to see if it can pull any battery life info from the crap UPS.
>>105772432
It does both for me
>>105772248
Draining is constant. Dead batteries but still connected to power beeps a specific tune every few minutes.
>>105771772
other than intel nics have historically been more reliable and performant than anything realtek has ever made
>>105773294
Aren't intel's 2.5gb nics known to be buggy?
>>105773383
idk but only a retard would use 2.5gb instead of 10gb
>>105743098 (OP)
/g/entlesaars, please
I've got a solo proxmox node in an old high end pc. I'm thinking of adding two dual lan trigkey n150s as nodes to give better resilience for opnsense, homeassistant, etc. Terrible/best idea?
>>105773386
Why pay for 10gb if you don't have the rest of the 10gb hardware?
>>105773511
It's cheap and if that's your mentality, then you're going to be stuck on 2.5Gbe forever.
>>105773121
>the better one does beep at me like crazy when the batteries go bad but the ultra cheap one
I presume different topologies.
>>105771999
Never decommission that bitch, it's gotta turn into one of those "NYC firehouse lightbulb" things where you just run it forever
>>105766247 >>105766272
Holy fuck you guys were absolutely right, cloud storage is expensive as fuck for individuals. Never knew it was so expensive, makes that $99/yr a steal!
Now I just need to find a way to jerry rig the windows backup client to automatically backup a linux NAS.
>>105773593
Well I am using a kaby lake tiny pc as a makeshift server so yes, I also think i'll be stuck on 2.5gb for quite a while.
If I ever get the money i'll just upgrade everything, 10gb will be cheaper by then.
>>105771778
>use case
read cache
I have an old (consumer) MLC drive I might use as a cache
>tailscale has only 3 users free tier
>wireguard managing seems ass with firewall and needs port forwarding and i am behind cgnat
I genuinely don't know which one i should invest my time in if I need 4 users with different permissions
>>105745886
It just boots via DHCP. It'll grab a different IP.
>>105762282
The only reason to use TrueNAS is to use ZFS. If you don't already have a zpool on your drive to import and you don't care about snapshotting and redundancy, there's no point. A linux server with NFS will work better.
>>105774788
Pay for Tailscale or look into Headscale.
>>105767318
mine fits 3.
>>105768471
yeah don't bother.
>>105770762
based on what other people say you can only mount storage on proxmox if you have a hardware controller for your drives. I just have it running through my motherboard so that's not going to work in my case.
and if proxmox wont use docker outside of a VM anyway theres no point in moving to it. I really dont understand why people aren't already done helping me with panoptikon. It's not really a feeling of expectation more than I don't understand how this app hasn't exploded in popularity and is on like the list of /g/ approved software or whatever.
Is having a lot of images messily or wasting time trying to find it really that uncommon for most people? I figured it happened to everyone.
>>105771739
is the price per TB worth it though?
>>105770059 >>105774304
Hi illiterate anon I have been trying to install the latter in docker
>>105743461 >>105743476
this entire reply chain is about that
also as for your first question there's no one tool that does that but a handful that all do the same thing. I don't think they do it "on demand" like a scheduled task but you can probably easily automate it somehow. also if you can get it running on truenas 25.04 docker/dockge/portainer PLEASE EXPLAIN HOW
>>105775434
>why not just use TrueNAS and docker
>why has no one helped me set up X docker stack on TrueNAS
You're not really selling it to me anon
Also, you can mount ZFS pools just fine on proxmox, I'll be using an LSI 9300 in IT mode to handle the drives.
4x 20TB in Z1 + 6.4TB L2ARC (cope and seethe NVMelets)
2x 3.2TB SAS SSDs in a mirror for VM disks (750MB/s write, 1500MB/s read raw performance)
2x 200GB SATA SSDs in a mirror for the OS
>>105775451
For the ones I've seen, they are cheaper than consumer SSDs, obviously they're more expensive than HDDs, but that's kinda not the point of flash storage
>>105775478
These things never state what kind of hardware you should be speccing for them. What are you trying to run panoptikon with?
>>105775478
I don't need AI tagging, I've tried that tool and it turns out my computer can't run it anyway.
I want something that can grab tags from the booru or gallery itself, tags that the people who uploaded the picture already added.
"On demand" just means being able to input an URL or post ID and have it download for me.
Right now I have a couple python scripts doing this for me but I have to ssh in and run the script, the files are saved into folders with symlinks for tags, it's kinda a mess, I'm already at several hundred folders.
>>105775510
more than enough. it's not about hardware, i can't get it to deploy at all. https://rentry.co/24xcptxv
>>105775524
the only thing close to that is hydrus, and its slow, sucks ass, and the hash has to be und exactly correct or it wont work. also it's probably abandoned. i dont know why you say you couldn't run it. this thing runs stupidly cheap. theres also femboy as an alternative that I was able to run and get decent results from an old optiplex with PCIE gen 2 and ddr3 memory (it cant do multiple models or ocr though). I cannot imagine a scenario where either of these programs took more data to run than a toaster. if you struggle to run either hydrus will break you.
>>105775484
maybe im an idiot for not buying some then. I figured 40 dollars a TB was as good as it got.
>not really selling it to me
that's the point I'm trying to make. I don't think of this program as something I would have to sell. to me this is the equivalent of finding everything.exe in a weird github somewhere and no one knows about or uses it, especially on /g/
>>105775560
I'm asking because I don't know. Is it something that'll run on a 3050?
>>105775567
I believe it will run on even less than that but I haven't benchmarked it. It certainly doesn't have to actively re tag anything anyway. as long as my quadro 4000 single slot can tag images in it faster than I can save them it doesn't matter to me. The issue is getting it to run in a container without permission issues fucking me over.
>>105771795
Realtek 2.5 nics are the only ones usable.
Intel never managed to fix theirs
>>105773630
I thought my 70k+ hrs consumer seagate would be one of these, but I took it out and left it in a drawer for a couple months after an upgrade and now it wouldn't start.
>>105775560
Well maybe it was because I was trying to run it on an amd gpu, also tried the fancier stuff like ocr models and captioning.
The tagging works but the default model doesn't work very well for my kinda content.
>>105776096
if you used the CPU version then it will ignore your GPU. I'm not sure what happens if you use cuda with an amd. afaik amd isn't supported but i don't actually know.
>you got it to run
did you deploy it on a system or an actual server container through the yaml script?
>default model doesn't work so well for my stuff
this is actually why I consider it a big deal and upgrade from femboy. Femboy seemed buttery smooth but it was only programmed to use the one model and is abandonware and i could never get anyone else to work on it, but this one allows you to use multiple models for tagging so if one is not working great you can add another.
>>105776244
I just run it locally following their instructions.
It lets you add external models, I might look into that, there's gotta be one that works for me.
But I haven't figured out how to run it on a server the way I want either (isolation, reverse proxy, authentication)
>>105776329
it has a yaml file for running in docker but I can't get it to deploy on truenas
I might actually just run e621ng then write my own importers, it's rather bloated for local use but I kinda like its interface.
I have a 24 drive 60tb jbod where the drives use about 200 watts idling. Not too concerned about the power cost because it's only 11-12c/kwh here but it gets my garage hot as shit with them running 24/7 especially during summer which makes it uncomfortable to work in and also somewhat transfers into the house meaning the AC has to run more. I was thinking about making another small array of maybe 4x 6-8tb drives to act like a cache where they will be the primary io for my devices and then once a day it'll get replicated to the jbod for long-term storage. My reasoning being that doing this I can enable aggressive spin down on the jbod drives so that they will actually stay off most of the time rather than randomly spinning up and down all day long (if they ever even spin down at all) as they get accessed. Does this make sense and sound like a good idea?
>>105776678
Sounds good to me. I think I would attach it to another computer and have the entire thing shut down, then power on weekly for replication.
>>105776678
no idea. i got 7 14 tb drives and I'm poor.
>>105777019
Could do that, but then I would have to set up another computer and then do it all manually. Ideally I would use home assistant or something to control an iot plug to completely power the whole thing off and on to save on the couple dozen watts the parked drives and shelf itself use and possibly simplify the whole idea, but that can be a future project.
Guys, the mini pc is cool as fuck but was a mistake
>>105776678
Why not replace the JBOD with 6 high capacity HDDs in RAIDZ1/2? Would definitely cut down on heat output having less drives running.
>>105743114
Mr pink runs UNRAID like a char
>>105743098 (OP)
did you buy a domain for your home server? right now I am using a duck dns but having to refresh my dynamic ip when it changes is a pain and it's not very robust. I'm also wondering if you host your own dns proxy and if so how did you end up doing that considering most devices only accept IPs as dns entries