Thread #108509526
Containerization is app cruelty

>>108465124

READ THE (temp)WIKI! & help by contributing:
https://igwiki.lyci.de/wiki/Home_server

/hsg/ is about learning and expanding your horizons. Know all about NAS? Learn virtualization. Spun up some VMs? Learn about networking by standing up an OPNsense/PFsense box and configuring some VLANs. There's always more to learn and chances to grow. Think you’re god-tier already? Set up OpenStack and report back.

>What software should I run?
Install Gentoo. Or whatever flavor of *nix is best for the job or most comfy for you. Jellyfin/Emby/Plex to replace Netflix, Nextcloud to replace Google, Ampache/Navidrome to replace Spotify, the list goes on. Look at the awesome self-hosted list and ask.

>Why should I have a home server?
De-botnet your life. Learn something new. Serving applications to yourself, your family, and your frens feels good. Put your tech skills to good use for yourself and those close to you. Store their data with proper availability redundancy and backups and serve it back to them with a /comfy/ easy to use interface.

>Links & resources
Cool stuff to host: https://github.com/awesome-selfhosted/awesome-selfhosted
https://reddit.com/r/datahoarder
https://www.reddit.com/r/homelab/wiki/index
https://wiki.debian.org/FreedomBox/Features
ARM-based SBCs: https://docs.google.com/spreadsheets/d/1PGaVu0sPBEy5GgLM8N-CvHB2FESdlfBOdQKqLziJLhQ
Low-power x86 systems: https://docs.google.com/spreadsheets/d/1LHvT2fRp7I6Hf18LcSzsNnjp10VI-odvwZpQZKv_NCI
SFF cases: https://docs.google.com/spreadsheets/d/1AddRvGWJ_f4B6UC7_IftDiVudVc8CJ8sxLUqlxVsCz4/
Cheap disks: https://shucks.top/ https://diskprices.com/
PCIE info: https://files.catbox.moe/id6o0n.pdf
>i226-V NICs are bad for servers
>For more SATA ports, use PCIe SAS HBAs in IT mode
WiFi fixing: pastebin.com/raw/vXJ2PZxn
Cockpit is nice for remote administration

Remember:
RAID protects you from DOWNTIME
BACKUPS protect you from DATA LOSS
>>
>>108509526
>Why is zhe elf in zhe oven!?
>>
Do you really need https certs if you're using Wireguard to tunnel into nextcloud while remote?
>>
>>108509664
maybe if browsers weren't so fucking retarded. they spaz out even if it's private ip space. and linuxservers.io moved all their remote desktop shit to a protocol that only works with https. so annoying.
>>
Boughted a Dell Wyse 5070 thin client for 50 bucks with the power brick included and I'm pretty happy with it.
It's only 4gb ddr4 and 16gb of emmc storage but that's good enough for home assistant.
Barely uses 5w of power.
>>
>>108509537
>oven
>>
>>108509772
How new?
>>
Are USoids stockpiling routers now?
>>
File: file.png (43.1 KB)
So, I seem to have successfully combined my previous truenas and jellyfin host PCs into a single build, upgraded my truenas install to SCALE v25.10, set up jellyfin as an app, GPU passthrough is working for hardware transcoding, and I'm now in the process of recreating my libraries, and not sure what the best way to achieve this is.
I have a bunch of movie, music, and anime torrents, as well as a decent collection of self-ripped blurays, spread across a handful of folders on my ZFS array.
In my previous jellyfin setup, I used windows as the host OS and was able to create a local folder filled with symlinks which pointed to a mapped drive containing shares, so that I could add/remove files to the library folder without having to add my entire torrent/BD collection, as some files didn't work right or weren't appropriate (I had a library just for kids content for my nieces and nephews for instance)
with my new truenas setup, I seem to have no option except to add the folders directly as Host Paths. I tried adding them as SMB shares and creating a SMB folder containing symlinks, but that didn't work.
any ideas on how I could do this in truenas scale?
alternatively I might just setup a windows VM on the truenas box and run jellyfin through that, would enable my old behaviour and should also be more reliable through truenas version upgrades, as apps are considered experimental still
>>
>>108509690
you could try using some older browser perhaps solely for this purpose. perhaps some firefox ESR

>>108509526
what if the tank was filled with a gas that makes elves lactate? haha that would be so weird, i wont imagine it.
>>
so, with the recent news, it's best to avoid truenas when building a new nas? whats the alternative for building a media server?
>>
>>108510349
what recent news
>>
should I try to RMA this drive? It's a refurb with 5 year warranty and the vendor has been great at replacing previous failed drives
PSU was failing in the previous host machine so not sure if that could have affected results, but running new SMART tests fails immediately, short or long
also there was a metal spur on the edge of the case which unfortunately scratched the drive label up badly, and right where the serial number is, so I'm not super confident of actually getting an RMA replacement
it's a raidz2 array so if I can't RMA it I'll probably just wait for it to fail before ordering a new (non-refurb) drive
>>
File: file.png (197.5 KB)
>>108510572
specifically it was displaying as failed in truenas CORE for the Multi_Zone_Error_Rate but scrutiny reports that as a pass, oddly enough
>>
File: IMG_6061.jpg (1.1 MB)
I've been trying to find some kind of cheap dedicated control panel to perform various actions on my server - Home Assistant controls, Portainer controls, etc. Ended up buying one of these CYDs for $10 - used Cursor to build the custom firmware for it and it works perfectly. Always on, ready to go. Going to buy a little mic to plug in for voice controls, and 3D print a little desk enclosure for it. Might end up buying a few more to wall mount around the house.
>>
>>108510610
Nice, very cool. Is that just a display or is there a little sbc behind that? What'll you be plugging them in to for the ones around your house?
>>
>>108510678
nevermind, I just looked up what a CYD is. Looks cool, I might have to pick up a few.
>>
>>108510678
It's an ESP32. They just run off of USB-C so I'll probably just find convenient wall outlets.
>>
>>108510712
Yeah, there's actually a lot of cool pentesting tools like Halehound built off of these.
>>
Instead of adding addresses to the hosts file on my PC can I do the same directly in my Ubiquiti router (without having to add each entry one at a time)?
>>
>>108511016
you just discovered dns
>>
>>108511028
Cool, but when I try adding a new DNS policy I don't see an option to bulk add a bunch of addresses?
>>
>>108511045
>bulk add
how many do you need to add?
>>
>>108511052
Probably around 80 in total I guess?
A bunch for Adobe and some other software so it can't call home to check the license or deliver ads.
>>
>>108511066
you should've started by saying that you want to block outgoing traffic, you have to add firewall rules for that
>>
>>108511016
set up bonjour
>>
>>108511066
First question, are you trying to block domains or ip addresses? For rerouting/blocking domains, you want DNS, for rerouting/blocking IP addresses, you'll want firewall rules.

The ubiquiti built-in dns functionality is there but pretty basic.
>80 records
At that point you'd probably want to host a dns server somewhere, which you can then configure your router to point to as the default dns server for the network.

There are very many options for this. Pihole is a common one that's built specifically around blocking stuff.
>>
>>108511162
Domains that then reroute to 127.0.0.1 or 0.0.0.0
For Viber for example:
127.0.0.1 s-bid.rmp.rakuten.com
127.0.0.1 ads-d.viber.com
127.0.0.1 ads.aws.viber.com
127.0.0.1 ads.viber.com

I wouldn't have Viber installed if it wasn't for work, but the little ads running in the corner are infuriating, the easiest option is just to add the domains to the hosts file, but I thought why not make this rule in the router instead.
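Added example, not part of any post in the thread: one way to turn hosts-file block entries like the ones above into config for a DNS server on the home server, emitting dnsmasq `address=` lines and Unbound `local-zone` lines. The function names and the sample input are hypothetical; the sample is constructed from the four entries quoted above plus a few edge cases.

```python
import re

# Constructed sample: the four Viber entries quoted in the thread, plus
# edge cases (inline comment, duplicate in another case, localhost,
# a real LAN mapping, and a malformed name).
SAMPLE_HOSTS = """\
# ad endpoints
127.0.0.1 s-bid.rmp.rakuten.com
127.0.0.1 ads-d.viber.com
127.0.0.1   ads.aws.viber.com   # inline comment
0.0.0.0 ads.viber.com ADS.VIBER.COM
127.0.0.1 localhost
192.168.1.10 nas.home.arpa
127.0.0.1 bad_host!.example
"""

# Addresses that mark a hosts line as a block entry rather than a real mapping.
SINK_ADDRS = {"127.0.0.1", "0.0.0.0", "::1", "::"}
# Names that must keep resolving locally and are never sinkholed.
KEEP_LOCAL = {"localhost", "localhost.localdomain", "broadcasthost"}
# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def valid_hostname(name):
    """Strict letters-digits-hyphen check, so a downloaded list cannot
    smuggle '/', quotes or whitespace into the generated resolver config."""
    if len(name) > 253 or "." not in name:
        return False
    return all(LABEL.fullmatch(label) for label in name.split("."))


def parse_hosts(text):
    """Return (sorted unique domains to block, [(line_no, rejected_name)])."""
    blocked, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        addr, *names = line.split()
        if addr not in SINK_ADDRS:
            continue  # genuine mapping (e.g. a LAN host), not a block entry
        for name in names:
            name = name.lower().rstrip(".")
            if name in KEEP_LOCAL:
                continue
            if valid_hostname(name):
                blocked.add(name)
            else:
                rejected.append((lineno, name))
    return sorted(blocked), rejected


def to_dnsmasq(domains):
    # Unlike a hosts entry, address=/name/ also matches every subdomain of name.
    return [f"address=/{d}/0.0.0.0" for d in domains]


def to_unbound(domains):
    # These lines belong under the "server:" clause of the Unbound config.
    return [f'local-zone: "{d}." always_null' for d in domains]


if __name__ == "__main__":
    domains, rejected = parse_hosts(SAMPLE_HOSTS)
    print("\n".join(to_dnsmasq(domains)))
    print("\n".join(to_unbound(domains)))
    for lineno, name in rejected:
        print(f"rejected line {lineno}: {name!r}")
```

Rejected names are worth reviewing by hand rather than dropping silently, since a blocklist pulled from the internet is untrusted input to the resolver.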
>>
>>108511194
127.0.0.1 is code that means youre a faggot.
>>
>>108511194
yeah probably worth it to install pihole on your homeserver desu
>>
>>108511389
I'll have to look into that, but does that mean I'll have to point to my home server as a DNS provider or something?
I'm retarded when it comes to networking, I can set up ddns and nginx when I'm looking at tutorials but I'm just following along with very limited understanding of how anything works.
>>
Instead of exposing shit via cloudflare tunnels I set up a VPS (by selling my soul to the devil and giving Oracle my credit card for a pay as you go OCI account so I could actually deploy a free compute instance) and am running Pangolin on it to act as both a reverse proxy and a wireguard tunnel to my homelab. Set up crowdsec and fail2ban and it's interesting to see how much malicious traffic hits a public endpoint as soon as it's exposed.
Pretty neat extension to my homelab. Now I gotta find more shit to run on it to actually make use of those free 4 vCPU cores and 24GB RAM.
>>
>imagine getting filtered by something as simple as DHCP and DNS
>>
say that after trying to get unbound dns working on openwrt. it's a nightmare.
>>
>>108511461
>find more shit to run on it to actually make use of those free 4 vCPU cores and 24GB RAM.
host a big titty elf gallery with a live chatbox feature so we can hang out there
>>
>>108511444
>does that mean I'll have to point to my home server as a DNS provider or something?

Yes

The quick rundown on dns in a network is that when clients connect to your router, your router will hand them the address of a dns server that they should use. (It's also common for routers to advertise themselves as the dns server, and just forward requests from there). Either way, your router will have a setting that lets you set a DNS server that machines on the network should use, and you'll point that at the custom DNS server you run and everything will use that.

Note that applications are capable of having their own dns settings, for example if you go in your browser settings it's possible to set a dns server there instead of using the system dns, so just be aware of that if you end up troubleshooting why something isn't going through your dns.

>>108511194
>I wouldn't have Viber installed if it wasn't for work
idk what your work setup is like but you should be aware that if you're using a work VPN those will often fuck with your dns settings
>>
>>108511546
Thanks for the advice, Anon.
I work for a startup that doesn't have much money for anything besides salaries (for now), I'm using my personal laptop and when I'm working from home my desktop.
>>
>>108509526
I'm getting an annoying error trying to update Mealie in proxmox
 Prerendered 42 routes in 0.958 seconds                                                                                                nitro 1:24:17 AM
Downloading fonts... @nuxt/fonts 1:24:17 AM
https://fonts.gstatic.com/s/roboto/v51/KFO5CnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmkC3kaSTbQWt4N.woff2 @nuxt/fonts 1:24:17 AM
ERROR fetch failed 1:24:28 AM
[cause]: Connect Timeout Error (attempted address: fonts.gstatic.com:443, timeout: 10000ms)
at onConnectTimeout (node:internal/deps/undici/undici:1936:23)
at Immediate._onImmediate (node:internal/deps/undici/undici:1917:11)
at process.processImmediate (node:internal/timers:504:21)
ERROR fetch failed 1:24:28 AM

error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
in line 58: exit code 1 (General error / Operation not permitted): while executing command yarn generate

This same issue happened during install as well, but I picked the option "4) Retry with DNS override in LXC (8.8.8.8 / 1.1.1.1)" and it worked. What should I do to solve it this time?
Curiously there's nothing wrong with the fonts.gstatic.com url and when opening it in a browser I do get the file downloaded, so I don't understand what's the issue here.
>>
>>108509664
No but it also doesn't hurt to do so. I run all my internal services off of an *.internal.my.tld subdomain and use the DNS challenge plugin to get a valid certificate for it from Let's Encrypt.

I really don't need to do this. I do it because I can.
>>
>>108512389
>I really don't need to do this. I do it because I can.
That's what I was thinking. I really don't *need* it, but why not? Learn something new and do it because I can.
>>
>>108512011
you must be dead retarded to ask this
>docker compose down
>docker system prune
>rm -rf /path/of/compose (if any)
>>
>>108510187
seems I can't passthrough the GPU to a VM, because it's in the same IOMMU group as my HBA, so trying to do so makes me lose access to the HDDs
and truenas doesn't seem to have an equivalent to windows symlinks. I can use the "mount -B" command from CLI but it only works on truenas datasets and not subfolders in the SMB share, so useless for my torrents folder
hmmmm
>>
>>108512629
> I can't passthrough the GPU to a VM, because it's in the same IOMMU group as my HBA
your motherboard must be very wonky or something because every single motherboard I've seen has both full-length PCI-e slots on its own IOMMU group, PCI-e x1 and x4 slots normally share groups unless it's a very high end motherboard
>>
File: file.png (290.6 KB)
>>108512655
CPU is i7-8700k, mobo is asrock z390 Extreme4.
Intel B580 in PCIe slot #2 (x16) and HBA in PCIe slot #4 (x8) but CPU only supports 16 PCIe lanes so they should both be running at x8.
>>
>>108512689
yeah, figured that was the layout, your mobo is wonky, the only hope is to update BIOS and pray it works. I wouldn't trust the ASL hack or whatever it's called
>>
File: file.png (787.3 KB)
>>108512739
seems a common occurrence for z390 boards, and the last BIOS update was in 2022, which I'm already running
I was originally planning to buy a cheap ryzen CPU/mobo for this so I might still go that route
alternatively I have my old 2500k cpu/mobo/ram I could get my hands on and build into a separate jellyfin box, though I was hoping to combine them
>>
>>108512816
bummer, well, if anything separation is good. I used to have all in a single server but things happened and I split it into multiple. I'm far happier with this setup
>>
>>108512689
couldn't you pass your igpu through to the vm to use for quicksync without running into this problem? waste of a gpu but it's still better than not having any transcoding
>z390
i'm using one of these too, rip to me ever buying a server gpu i guess
>>
File: file.png (645.8 KB)
>>108513211
potentially, but I have extremely limited upload bandwidth (fastest plan on the only ISP in my area is 1200Mbps down / 35Mbps up) and I bought the B580 specifically for jellyfin and AV1 hardware encoder support, which the iGPU lacks
also in that case I would lose video output locally (I do occasionally use it for troubleshooting) and/or need to keep the b580 JUST for local video output
I'll probably put the 2500k in the truenas box and use the 8700k/b580 in a standalone jellyfin setup
alternatively, my original plan was to get this ryzen bundle from microcenter, but I cancelled when I realized the 5500 doesn't have an iGPU, however if I'm using it as jellyfin host with the b580 on windows that doesn't matter as I'll still have local video out
>>
>>108511987
i use porkbun and tried to poke around but didn't see anything
i did however see porkbun offers free ssl encryption through their own letsencrypt/certbot utility, so im going to try that instead for now
>>
>>108513829
https://eff-certbot.readthedocs.io/en/latest/using.html#dns-plugins

You can do it manually by creating the needed records it tells you to but those plugins simplify things a lot. The DNS challenge/response is soo much nicer than serving the ~/.well-known directory and means you can get certs even if the web server isn't online.

What you could do is delegate your DNS to someone like Cloudflare (if you make a Cloudflare account and then go to porkbun they should have an option to specify alternate nameservers) and let them manage it even if you don't intend to use the "Orange cloud" and have them protect all your traffic. This would let you use their nice API to automate your DNS and then you can use the certbot cloudflare plugin.
>>
>>108509763
Are those strong enough to use as tv boxes? I'm thinking of getting a few to hook up to tv for youtube and plex streaming.
>>
>>108513320
>that pic
why purchase decade old gaming hardware when you can get decade old server hardware for the same price and it will outperform on server-related tasks?
>>
>>108515071
Maybe they don't want to deal with the jet engine.
>>
>>108515079
>jet engine
Their pic showed a mobo/cpu/ram combo with no case.
If someone purchased the same combo, but used server hardware, exactly where would the jet engines be, would you mind pointing them out?
>>
>>108509526
>containerized fairy
thanks, i didn't need a new fetish.
>>
>>108515107
server hardware tends to be tailored to specific chassis, normally 1U pizza boxes with jet engines
>>
>>108515133
>come in standard ATX size
>"tailored to specific chassis"
>a server mobo/cpu means you MUST get a 1U chassis to cram it into
eggsplain
>>
>>108515148
>eggsplain
You're thinking prosumer/workstation hardware, not actual server equipment
>>
>>108511016
If your router supports importing a csv you can do that. Or you could setup a pihole. If it's ad related they may already be blocked plus it's easy to add stuff there. Or just add them to the hosts file of whatever machine you want to block them on. Lots of options.
>>
>>108515155
okay so my purchase of a supermicro X10SRi-F motherboard with an intel xeon E5-2699 cpu was imaginary then, or if my purchase was real i just instinctively tune out jet engine sounds that i thought didnt exist.
Is that what you're saying?
>>
>>108510513
are the rumors true?
>>
>>108515178
>X10SRi-F
Nice ewaste, also
https://www.supermicro.com/en/products/motherboard/X10SRi-F
Notice how it says
>High Performance
Compare to something like
https://www.supermicro.com/en/products/motherboard/x14sbw-tf
where it specifically calls it Server board?
>>
I just enabled 2FA for my ssh login, feels good man
>>
>>108515215
Hope you didnt use gmail
>>
>>108515215
on top of ed25519 keys with set passphrase?
>>
>>108515237
Of course
>>
>>108515215
What do you do when you want to use rsync? I think SSH has an option in its config to re-use an existing connection so you can login once and then rsync will just work over that same connection. Never really looked into it though.
>>
>>108515258
I don't really use rsync but if it uses ssh I imagine you would just be asked for your TOTP just like sftp does
>>
>>108514859
I'm not gonna try it but the intel igpu supports hardware decoding for the major codecs (h264,5, vp9).
This guy managed to playback 4k60fps on youtube on loonix https://youtu.be/b6O74NRbfUc?t=1007 but honestly it might be underpowered for some stuff so might want to aim for a stronger unit.
Honestly just look up any thin clients available used in your area, check the specs and if the price is right then it's worth it.
At first I wanted to get a raspberry pi (duh) but everything is massively overpriced nowadays so it was more of a shot in the dark.
>>
>>108515215
2FA on SSH could just be a private key that is additionally encrypted with a passphrase
>>
>>108515679
>4k60fps
use case?
>>
how do you organise ethernet cables to avoid horrible messes?
>>
>>108515999
route and tie them in a rack
>>
>>108515999
move everything in your rack to wifi to remove the pesky cable mess
>>
>>108515849
Then I should call my setup 3FA
>>
Less than 24 hours ago I fell for the raspberry pi meme, because the Rustdesk server I was running on a Gen1 T14 stopped working (again) after Windows forced an update
>inb4 hurr durr windows
I'm now running my rust desk server and Pihole on the OS that shipped with the RP5. I cheated and just used Tailscale because I currently don't have the mental bandwidth to do things otherwise (I also don't have a static IP). Going to get unbound running later. What else should I run on it? It has 8gigs of ram if that matters.
>>
My next iteration of my homeserver now has an RTX 3060 and Arc Pro B50 for gooning inference (Arc Pro B50 is there because its existence is hilarious to me and I had to buy it because of that)
What OS should I use
Backporting debian (due to Arc card) sounds like anal rape to deal with for a server I'll only access to play with and to do NAS and seedboxing
>>
>>108517328
gentoo
>>
I've inherited a couple of pic rel from an old dude that died a while back. From what I'm reading they seem to be locked to their own proprietary OS so it looks like I won't be able to put my own server & open source apps on there. I guess this is a thing that's common across all dedicated NAS hardware? I'm hoping I'll still be able to connect them to the network and use them purely as storage without having to interact with the OS, then maybe get a raspberry pi to handle the OS and computing tasks. So the apps are still 'installed' on there but processed elsewhere. Bit annoying their CPU is basically going unused though.
Thank you for your attention to this matter.
>>
>>108517350
haha very funny
So... OpenSUSE Leap?
>>
>>108515071
I literally just went to microcenter's website and picked the cheapest bundle they had available
I have an entire pile of ECC DDR3-1333MHz RDIMMs lying around that I got off ebay when I was trying to upgrade my old server and RAM was cheap, if you have any suggestions on what I should buy please post them

also I want something quiet and relatively energy efficient, and fit in a Define 7 (E-ATX (max 285 mm) / ATX / mATX / mITX)
>>
>>108514609
what if I already run my own bind9/pihole combo? could i just delegate it to myself? i haven't looked into my DDNS options yet and that part is rather unfamiliar territory in concept for me
>>
>>108517584
I found this interesting thread: https://forum.doozan.com/read.php?2,133718
>>
>>108513829
learn to google. porkbun supports this. you have to flip a switch in the dashboard to allow api access or something like that. this shit is well documented.
>>
>>108515679
It really depends on the use or rather how many different tasks you want it to do at once.
An m710q tiny that i upgraded from a 6500T to a full 7700 could theoretically output 4k60 but in practice none of the ports supported it. I should have tested decoding/encoding/transcoding before i gave it back to my buddy who gave it to me for refurbishment tbf.
But generally if you want the igpu to be better at 4k60 or higher
>newer intel with the 700 series (730/770) igpu (11th gen+)
>AMD Zen2 based laptop chips with a Vega 6 iGPU
>or Zen3 if you can find them for cheap enough
Basically buy new or use something with a maxwell era dGPU a used laptop with an MX chip
>>
You're running your homelab on k8s, aren't you anon?
>>
When you backup a VM running docker containers are the databases and other shit the containers use going to successfully back up too?
>>
>>108518898
>flaresolverr
why offload the generation of cloudflare cookies? do you use them to unblock some sort of script that's not running in a browser? can't think of another use case
>>
>>108518898
>april 2026
>using booklore
>>
>>108518983
It's not booklore anymore, it's https://github.com/grimmory-tools/grimmory, just haven't gotten around to renaming all the resources yet.
>>
>>108518978
It's for prowlarr (and by extension lidarr/sonarr/radarr). Some torrent indexers use captchas (namely 1337x) so you need some way to automatically solve them.
>>
>>108518994
you're not worried about the state the codebase could be in after months of full throttle vibecoding during the booklore days?
>>
>>108519016
ah makes sense
>>
>>108519033
Meh. It's fucking ebooks and I have a million backups, so if some bug shits up my library it's not a huge issue. The featureset is pretty extensive and it's significantly less painful to use than Calibre Web (Automated). Also the new maintainers seem like they intend to slow down and focus on consolidating things a bit, so it's not looking too bad.
>>
>>108519057
>Also the new maintainers seem like they intend to slow down and focus on consolidating things a bit, so it's not looking too bad.
this is definitely the smart move. i might switch to it in a year or two if things seem like theyre going okay.
>>
>>108519083
Their first move was removing the distracting animated donation button in the fucking top bar of the web UI, which helps inspire confidence.
>>
What are people doing for manga? Looking through the archives, I saw people talk about Suwayomi as a downloader, then pointing Komga at the download folder. This feels a little awkward though, even after setting up Komf to get proper metadata/covers, Komga still seems to not be able to order the chapters right.
>>
>>108519123
I made my own downloader and it handles some metadata and compressing to .cbz and the uploads to a specific iCloud folder so it appears on my iPad. Set to run every day
>>
>>108517328
>Arc Pro B50 for gooning inference
text or pics? isnt it slow?
asking because i could get one for cheap
>>
>>108517328
>b50
drop it, just go with nvidia, even though i hate their proprietary drivers but it's the only thing that just works for gooning, i ended up building a dedicated gooning server with nvidia cards
>>
>>108522910
What the fuck even is a gooning server?
>>
Buying used hdd off ebay and have them shipped across the globe is still cheaper than buying used locally. Living in third world shithole is suffering.
>>
>>108512579
docker still keeps some files.
>>
Has anyone tried KasmVNC?
I have a more powerful server (just a ThinkCentre) and I do most of my stuff with my old T61.
I want to test waydroid but I don't want to mess with my server or laptop.
How well can this run something like qemu?
>>
File: IMG_9943.png (1.3 MB)
Is it a dumb idea to get pic rel and put opnsense and my self hosted webpage on it? Any better options?
>>
whats a silent ups for a small itx server
i dont want loud fans and random buzzing and such
>>
File: file.png (212.7 KB)
just installed a UGREEN NAS with a 14TB toshiba HDD
no RAID because i don't care if the hdd fails, i don't class movies/tv series as important data
i absolutely love the shitty chinese software with bad translations, it's cute in a way
>>
Finally sorted out my arrstack issues. Vlan was blocking the mounted drive i had on my qbittorrent vm. Is a NAS still the preferred storage option for a media server or should i just get a DAS and attach it directly to my proxmox host?
>>
>>108523634
I prefer my websites to be on a VPS/PaaS. I don't see the point of selfhosting websites on your own hardware.
>>
>>108523029
a server running services designed for gooning
>vid organization
>ai chatbot
>ai pic gen
>ai vid gen
>torrenting
>scrapers
and maybe more
>>
why the fuck is a 4 bay hdd enclosure so expensive? £100+ just to plug in some hard drives
>>
tried to set up jellyfin for myself and a remote access friend, on my second pc, with a 4b local model loaded in the background to see if it would take a hit doing double duty. OOM'd to high heaven.

Learned about Jellyfin's ffprobe memory leak quietly and continuously filling buff/cache. Memory cap didn't fix it.

What do I do anons
>>
>>108524550
I befriended someone with a 3d printer for this exact reason
>>
>>108524565
download more ram or enable fast swap
>>
>>108524611
Thinking I'm gonna just get a micro ATX PC case, 4 SATA-to-USB cables, then a little powered USB 3 hub. Will still easily end up less than half the price (if that). Ridiculous.
>>
>>108509526
hello /hsg
i am a pleb whose isp is using carrier grade nat so i can't self host.
however i do have a linode vps that i use to self host couple of things such as
1- Team speak server
2- wireguard vpn
3- adguardhome
4- syncthing
5- mail server
6- a personal website you can check it here: hue.eidos7.xyz

all these are running inside docker containers.
i wish i could host these at home but oh well.
>>
>>108524214
Return of investment in my case would be ~2 years if I decide to go self host route + I could use the box for other stuff as well while making it a learning experience. Just have to figure out other uses to get most out of the box.
>>
>>108524670
>i am a pleb who's isp is using carrier grade nat so i can't self host.
cloudflare tunnels are free
>>
>>108524693
i remember i read something about it but i was told it only carries http/https traffic
i am hosting services that need other types of ports
correct me if i am wrong tho
>>
>>108524704
i think it also supports other protocols but not raw UDP, but you could host your personal website at least
maybe tailscale would work? haven't tried it
>>
we were so close to page 10. just let it die.
>>
>>108524744
>tailscale
i can technically make something similar myself using the same linode
install wireguard on linode
have a home server connect to the wireguard server on linode
then let linode do the port forwarding
but then its like just host it on there lol
>>
How the fuck do I make a proxy for protonVPN free account?
gov blocked whatsapp
>>
Just started learning ansible, but man the feeling of just setting up/maintaining my entire system with one command is orgasmic
>>
where are u guys getting your music for shit like navidrome?
>>
>>108525188
rutracker
>>
>>108525188
redacted and jpopsuki
>>
Probably a retarded question, but what's the best way to set up a file server for "home cloud" type usage? Ideally usable by normie family members, so a nice webui would be great, that or native integration into windows + mac + linux.
Extra nice if it would give people a way to also automatically sync local folders (kinda like how actual clouds like dropbox do it), on top of just cloud folders you can download from/upload to.

I know of Nextcloud but it looks like a massive piece of software, of which I don't need 99%; I'm not trying to replace an entire google workspace suite or something, just shared storage for my family at home. Is there some middle ground between Nextcloud and manual scp/rsync in terms of scope?
>>
>>108525188
download whatever i want from youtube at 256kbps
then convert to flac and seed it for 1TB
>>
>>108525589
>but what's the best way to set up a file server for "home cloud" type usage?
synology or if you're poor like me proxmox+xpenology.
>>
>>108525709
>proxmox+xpenology
so you passthrough the drives to the xpenology vm?
>>
>>108525709
>synology
That requires their own hardware, right? I'll pass.
>proxmox+xpenology
I'm actually already using proxmox, xpenology looks interesting
>>
>>108525696
i have like zero torrenting exp desu, is youtube-mp3 still legitimately the best method if i'm iffy about torrenting?
>>
homelab getting tough out there
>>
>>108525786
the subreddits i'm aware of are both awful
>/r/homelab: look at the cable organization and leds on my $20k full server rack! no i won't tell you specs or what i use it for
>/r/selfhosted: i was tired of lovense not recognizing my bull's vibrating cockring, so i built openclawdense :rocketship:
>>
>>108525733
>you passthrough the drives
yes. there are also other ways like you can even run it bare metal.
>>
Now that i mostly use my old gaming pc as a home server, what are some measures i can take to reduce idle power use?
>>
>>108525816
>run it bare metal
doesnt it have nonexistent powersaving support tho? i tried it exactly two years ago and every piece of hardware was cranked up 100% 24/7. i dont mean it as a bad thing, actual synology is the same way.
>>
how bad is it to use consumer drives rather than nas or enterprise drives for raid 1 or raid 10 ? I've had all kinds of funky situations, sometimes it worked well, sometimes the consumer drives would pop out of raid when mixed with enterprise drives at random times. is it something I should actually be concerned about ? i would like my shit to be stable...
>>
>>108526302
The real issue is to avoid SMR. Also, having one shitty drive in a RAID can cause all the other drives to have to wait on it. It's frustrating to stare at your RAID and see one sole drive working as hard as it can while the others blink and seem bored.
>>
>>108525815
that sounds awful. my main issue with those subreddits is that when someone has a problem, the snarky or PC replies are at the top and actual suggestions or solutions are at the bottom
are there just less hobbyists doing this or has everyone gone someplace else?
>>
Even used drives are double the fucking price now it's actually over
>>
>>108526784
that's typically what you get when everyone is thirsty for upvotes
classic forums, as shit as they were with lunatic mods, did not have this problem
this is also what happens when
>get the fuck out of here with your offtopic garbage you retard
is regarded as online bullying and borderline terrorism and gets your ip range permabanned forever. you get doxxed and harassed at work too if you ever posted personal info.
>>
>>108509526
I have an UXG-Pro-Max-PoE-24 switch that has a UXG-Pro-Max-PoE-16 in a separate building connected to it on port #7. The STP in Unifi is set accordingly where the PoE-24 has a smaller number than the PoE-16.

Yesterday I replaced the power supply of a Philips Hue bridge that's on port #23 of the PoE-24 to a PoE splitter so that I can free up a power socket in the rack.
After that, port #7 stopped working. The etherlighting started a pattern of blinking 3 times and shutting off for 5 seconds before blinking again. Only once did the connection get restored, after pulling out the Philips Hue patch cable to test, but it only lasted for a minute or so and then it's back to the blinking pattern. On the PoE-16's side, the port that's receiving the cable doesn't have any lighting.
In Unifi OS it's saying Anomaly 100 which is irritating because it's the same errors I had a few months ago on an older USW-24-PoE & USW-16-PoE. I thought the old switches were the issue because this seemed resolved once I changed them, but apparently the problem still exists. Also I used a cable tester that you connect on both ends of the cable to light up 8 LEDs, and apparently there's no problem with the cable because all 8 LEDs lit up successfully.

What could be the reason here? Shitty wiring or something about PoE? It can't be the latter because switch-to-switch doesn't require PoE.
>>
What's the best solution for self hosted cloud storage? Is nextcloud the best option?
>>
Good morning. I come to you with a very autistic question.
Basically right now my home network is entirely "dumb". Everything has access to the internet, including some IOT devices that I only use over HomeAssistant but which still technically have normal wifi and therefore internet access.
I nabbed a managed switch with L3 capabilities off of ebay, and I want to use it to partition my network, so that IOT is LAN-only for example, and similarly I want to add cameras and have them be in a LAN-only subnet. However, physically speaking, the big switch would really fit best in a second separate building on my property, which is connected to the main building with a single ethernet cable.

I'm a complete networklet, so excuse me if this is very retarded, but is it possible to have that switch manage my network without physically placing it between my router with the WAN connection and the rest of my network? I can kind of comprehend how I could do it if I plugged both my ISP router and my other dumb switches all into the managed switch, and set it up to only allow connections the way I want them, but I wonder if there's any way to have it "virtually" manage my network while physically only having a single cable connected.
>>
>>108527724
depends on how you want to be able to access it. nextcloud has a lot of access.
>>108527785
vlan
>>
>>108527987
I only care about accessing it via computers (windows and linux, mostly linux), I don't care for phones.
Nextcloud does a bit too much, I just care about storing and transferring files. I also want thumbnails and previews. Opening pictures, videos, maaaaaaybe text documents is appreciated and all but not a requirement.
>>
>>108528021
You can just set up SMB shares for that
>>
>>108528257
Alright, but what are good software for that? I want software recommendations.
>>
>>108528277
smb is software. your desktop environment you choose is software. if you want thumbnails for remote shares you'll need to see how your desktop environment's file manager handles that.
>>
>>108528277
What is your server running?
>>
>>108528287
DietPi.
>>
>>108528293
https://dietpi.com/docs/software/file_servers/#samba
Since it's apparently just modified Debian you could probably run Cockpit or Webmin if you want a gui for setting up SMB
>>
>>108524674
If it's a learning experience i'd go with a VPS/Azure VM/EC2 instance and learn how other services in that ecosystem work with each other, since that's what most companies will do instead of selfhosting it on their servers. But that's just my opinion.
>>
File: s-l400[1].jpg (35.9 KB)
Was browsing the local hardware store and saw a bunch of these light screw wifi security cameras
Any way to run these locally?
The boxes made it sound like each one had to run the manufacturer's app and paid cloud service, and I'm afraid to pick one up just to find out they won't do shit without an active internet connection
>>
>>108509526
you had one job
>>
>>108517719
No, not unless it's a publicly accessible nameserver on the Internet that owns the zone and Lets Encrypt can verify against (i.e it needs to be authoritative)
>>
how come nobody vibecoded an azure/ec2 emulator
>>
>>108527785
you can force your local IP traffic through the L3 switch by setting it as the gateway for that part of the network, but you're not gonna have L2/VLAN isolation inside that network segment
>>
>>108526861
was looking for some external drives like expansions but they are so shit they just die suddenly all the time. it's like they're made for 50 hours of total use.
>>
Not sure if this is the right thread but I'm tired of scrolling the catalog to try and find a better fit.

Last November I hit the data cap on my 800Mbit xfinity plan so I added "Unlimited" and they upgraded me to 1000Mbit. For whatever reason they decided I had had TV service and started sending me TXTs to return unused equipment that they never issued. I just assumed it was an error but last month they started charging me $14 (and prorated for part of January too) because I hadn't yet returned the hardware.

Today I got on the app and had them cancel the charges going forward and they gave me a FREE* upgrade to 2Gbit for the same current price.

Problem is I don't think any of my existing network hardware can actually handle 2Gbit if I decide to keep the service after the promo year. Is it worth upgrading or just cope and eventually cancel if there's no noticeable benefits?
>>
>>108535127
dunno most of us probably don't have 2g
>>
>>108535127
you really won't see any benefit except when downloading huge files, however you'll see the benefit if your upload speeds are also improved (upstream is mostly the bottleneck of homeservers)
>>
>>108535127
I got a free upgrade to 1gig late last year and don't really notice it. Sites on the internet rarely download faster than 40-50MB/s
>>
>>108535335
>>108535350
I've been out of the house all day and can't find the modem model. I'm almost certain it doesn't actually support 2Gbit though. The router is a Linksys Velop Wifi 5 node. I used to use an older Netgear router configured to act as just a switch but I thought it wasn't 1Gbit and bought a cheap 8-port 1Gbit switch (forget which brand as well) only to find that Netgear thingy was 1Gbit all along.

Any of that worth futureproofing?
What if I tell xfinity I want xFi gateway? Is carrier supplied equipment still a bad idea?

The only homelab-ish thing I have is a Pihole that I don't remember how to update or set up again if I do go forward with equipment changes...
>>
How the fuck do you do backups "properly"
Do you just plug spare drives in and out by hand all the time to make offline backups? Or pay for a cloud service? (Assume I'm fine with losing my data in a housefire or tsunami.)
I could set up something like using btrfs and having automated snapshotting to a separate set of drives, but then it's not an offline backup. Would building a second server just for the purpose of having the main one send snapshots to it, be a good backup solution?

Also does it make any sense to use RAID1 and/or DUP data layout on backups, or should I just make more separate backups
>>
is ram cheap yet
>>
>>108536750
the improper way to do it which is what i do is to plug a flash drive into the server and run a cronjob to backup the 1% of data on my server that i care about
>>
Is it better if i put Traefik on my VPS or on-prem? I have CGNAT internet at home. Planning to use Tailscale to make traefik more secure but i'm not sure if it's the right play.
>>
>>108535679
ISP equipment is much better these days, some supply devices that would've been hundreds normally. It really depends on the exact model though, and they might charge extra for it too.
Plus your devices must also support the higher link speeds.
>>
>>108530519
is the tank filled with my farts?
please tell me it's filled with my farts.
>>
>>108535127
I moved into a new house 2 years ago, Comcast is the only ISP in my area and their fastest plan is 1200Mbps down/35Mbps up, and I work from home so wanted as much upload as possible
since I had to run ethernet through the house anyway and didn't want to pay comcast for equipment fees, I went ahead and got all 2.5GbE capable stuff, modem, TP-Link router, switches, and WAP (I plan to eventually add an outdoor rated WAP as well to cover my yard and might eventually expand the network to my detached garage, but so far I haven't spent that much time out there)
the only things that ever make any use of the extra 200Mbit download over 1GbE is steam game downloads and highly seeded torrents
but then I also got a protonVPN subscription to avoid getting copyright infringement notices so I rarely get over 90MBps download with the VPN running, so it's really just steam
on the flipside, everything I got wasn't much more expensive than new 1GbE equipment, but if you already have an existing network it's probably not worth upgrading
>>
Guys I'm tired of paying Apple Music for Lossless/Spatial Audio. I am thinking of buying a cheap NAS and just stream the songs I like onto my Sonos system. Can anyone recommend me a NAS no more than 1-2TB and tell me how I can set it up for music streaming to a wifi speaker?
>>
Best option for 4 bay storage running truenas?
DIY with chinkboard n100 or ugreen/minisforum prebuilts?
>>
>>108538130
what does a nas have to do with wireless music streaming? does that sonos even support dlna in any way? i would diy a itx server instead

>>108538882
used synology
>>
Is synology actually good for you or does this thread have a resident shill spamming his favourite proprietary corposlop
>>
>>108539546
>Is synology actually good for you
it's miles ahead of every other alternative when it comes to software and especially build quality, but only if you get it for cheap on the used market. i would never get a new one tho, way too high priced. also keep in mind their OS is a locked down ancient kernel with zero powersavings so people get like 35W idle with two drives so if you dont like that stay away.
therefore i would either build my own in some sort of decent sized jbod case rackmounted or not, or just go with used synology. personally i think there isn't a viable 3rd option, everything else feels flimsy and unreliable with all sorts of chink sata controllers dubious nics and barely any pcie lanes and fuckall warranty.
>>
>>108538882
wendell did a video fall/winter last year showing ugreen or somebody's AMD based NAS running ECC RAM. I'd get that one.
>>
>>108540096
I should've actually clarified I'm looking at the software specifically, such as the proxmox+xpenology option that was mentioned earlier itt.

>build my own in some sort of decent sized jbod case rackmounted or not
That's my plan, right now I have a chinky minipc with a cursed SATA-to-USB setup, but if I were to do this "properly" I'd just get a small case (in my case not rackmounted, maybe a Jonsbo or something) and shove my drives in there.
As for first-party synology hardware, I really don't like how it's locked down and you can't just run what you want on it, if I have a server with some drives I also want to use it as a server for other things not just NAS. And >ancient kernel does not inspire confidence either.
>>
>>108540251
It looks nice and is retard friendly, if I was setting one up for a relative it's what I'd use.
>>
>>108540275
I suppose. I just don't trust janky proprietary solutions, especially when the alternatives are either locked down proprietary official hardware or a nigger-rigged jailbreak.
But then on the other side are janky open-source hobbyist solutions, and I end up sitting with decision paralysis and taking years to "get around to" setting anything up.
>>
>>108539546
at no point was a proprietary piece of shit recommended in /hsg/
since the dramatic drop in quality in /hsg/ you get a lot of newfag bad takes and that's one of them.
probably 75% of what you see in this thread is bad advice.
>>
can someone post more fairy, its cool
>>
NAS, ebay :/
NAS, Aliexpress :O gargling cum under a cherry tree
>>
synology is great if you're too retarded to build your own pc and install linux on it, but surely people like that wouldn't be on /g/ right?
>>
>>108539096
I have no idea, all I see are guides using NAS systems or an old Mac Mini which I guess can be used as an ITX server. The cheapest Mac Mini is $500 though and I thought a server would be cheaper considering I just want to stream lossless music from it.
>>
>>108536750
Why are you trying to make offline backups?
>>
>>108542582
Because /g/ told me it was important, and that RAID is not a backup and all that
>>
>>108542595
real backups just need to be in a different location so if your place burns down your backups don't.
>>
>>108542595
Offline backups aren't really a thing. Offsite yes but that just means a different location and it depends on how you scope "site". It could be a different room, different house, different city or different timezone.
>>
>>108509526
What does that device do? It's not going to hurt the fairy, right?
>>
>>108543109
And if I don't care about offsite, then are some spare drives in the same machine still a good enough backup? Or would I have to set up a second machine/NAS to hold the backups (e.g. to protect against kernel bugs wiping my storage or whatever)?
>>
why do you guys host boring stuff. post massive anime or manga collections or something cool instead of security cameras and adguard.
>>
bro just become a sysadmin and learn to harden your Linux and nothing can go wro-ACK!

>https://www.reddit.com/r/homelab/comments/1se88yz/i_thought_my_vps_was_hardened_but_it_was/
>>
File: file.png (55.8 KB)
>>108543419
how big is massive? (left is BDs I personally own and ripped myself)
I have torrents for basically every loli-centric anime I could find tagged on MAL
>>
>>108543488
>left is BDs I personally own and ripped myself
out of curiosity why separate them like that?
>>
>>108543488
>ripped myself
Out of curiosity, what's the point of doing that?
Especially if you're not re-encoding the video in another format, just get a REMUX release from somewhere it's the same data as what's on the disc.
>>
>>108543419
I host the complete DC Comics chronology from the first issue up to Death Metal, that's ~3TB of comics
>>
>>108543512
it's always made sense to me to keep torrents in their own folder, they often get moved around or sometimes deleted, the BD_Archive folder is a bitrot protected archive of everything I own (I've also ripped basically the entire collection available at my local library)
also you can't playback BDs on PC without an 11th gen intel CPU due to instruction set bullshit, so I'm required to rip them if I want to watch them easily (I've bought like 6 different flashed UHD drives before finding 2 that actually work properly and didn't break within the first six months, thanks used listings on japanese ebay)

>>108543535
I only recently got into a decent movie tracker and a lot of the discs I own were for things I couldn't find proper remuxes for, and also I occasionally like the behind the scenes/extras stuff
also anydvd sucks and that seems to be what a lot of people use for backups, makemkv is bae
I spent like $80 on ebay for a copy of the out of print Hoffa bluray, I have blurays of all of Danny DeVito's directed films
>>
>>108543586
Understandable, rutracker is pretty good for movies, just don't be intimidated by the language barrier, I'm not russian either
>>
File: file.png (48.3 KB)
>>108543599
rutracker is bretty gud, I got my entire kino folder from there
>>
Assuming I store data on HDD/SSD.
EC recommends I should read all data at least once a year.
How would I do that?
>>
>>108543469
>parks car in ghetto
>locks doors
>car gets stolen.
>>
>>108543645
I'm pretty sure there are apps that will do that for you on a schedule.
>>
>>108543469
you know you can just keep reddit on reddit, right? no need to shit over here too.
>>
File: file.png (38.7 KB)
>>108543535
here's my full disc archive, there's a handful of DVDs included, mostly for stuff that never got released on bluray
some DVD highlights:
Johnny Dangerously, early Michael Keaton gangster comedy film, with theme song by Weird Al
Evangelion Perfect Collection (it was the first version I saw, back when I was in high school, and I kind of always hated the tin-can sound effect they added to the pilot plug audio in the 5.1 surround eng dub version from the Platinum Collection DVDs/later releases)
both US and JP DVD sets for Tsukuyomi: Moon Phase (I wanted to try and remux them for a max-bitrate version but the interlacing is a huge pain to fix)
Happily Ever After and Pinocchio and the Emperor of the Night, two knock-off disney sequels that are absolutely terrifying and probably not child appropriate (they had them at my library when I was a kid)
full set of Dick Proenneke's nature documentaries: https://en.wikipedia.org/wiki/Richard_Proenneke
>>
>>108543701
on linux?
I'm fine doing that manually.
>>
>>108543645
bitrot is meme
>>108543712
How do you rip these?
>>
>>108543419
>or something cool instead of security cameras and adguard
i run a kubernetes in docker stack with over 40 containers on a home server but its to test a production deployment and i dont really use it for much (yet) other than testing and development
eats 28-32gb RAM at idle and the recommended specs are 64GB RAM (i gave it 128gb)
i locally host forgejo on another server that contains a patch that deploys a docker container with gpu passthrough for llama.cpp, and a patch that adds an MCP container and an open webui container but i havent developed it much. Ideally, the MCP container will have tooling and access to all the containers that individually host inventory management, grafana, prometheus, secrets vault, redis, postgresql, ... etc
>>
>>108543645
this applies mostly to flash memory chips. just dd them to /dev/null. ideally you should be using a raid and just have regular scrubs going.
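Added example, not part of the thread: for a single disk without RAID or filesystem scrubs, a file-level equivalent of the `dd`-to-`/dev/null` read suggested above is to read every file back and compare it with a stored SHA-256 manifest, which forces the periodic read and also reports files that changed or became unreadable. The function names and manifest location are assumptions; it relies on GNU `find`, `sort`, `xargs` and `sha256sum`, and the manifest must live outside the tree it describes.

```shell
#!/bin/sh
# Added example: file-level "scrub" for a filesystem with no RAID/btrfs scrub.
# Function names and the manifest path are hypothetical.

# build_manifest DIR MANIFEST
# Hash every regular file under DIR. Paths are stored relative to DIR so the
# manifest stays valid if the disk is later mounted somewhere else.
build_manifest() {
    dir=$1; manifest=$2
    ( cd "$dir" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum -- ) \
        > "$manifest.tmp" || { rm -f "$manifest.tmp"; return 2; }
    mv "$manifest.tmp" "$manifest"
}

# verify_tree DIR MANIFEST
# Re-read every listed file (this is the yearly full read) and print one line
# per file that is corrupt ("FAILED") or unreadable ("FAILED open or read").
# Returns 0 only if every file still matches its recorded hash.
verify_tree() {
    dir=$1; manifest=$2
    case $manifest in /*) ;; *) manifest=$PWD/$manifest ;; esac
    status=0
    report=$( cd "$dir" && sha256sum --check --quiet -- "$manifest" 2>/dev/null ) \
        || status=$?
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
    fi
    return "$status"
}

# unlisted_files DIR MANIFEST
# Print files that exist on disk but are not in the manifest yet, i.e. data
# that would not be covered by verify_tree until the manifest is rebuilt.
unlisted_files() {
    dir=$1; manifest=$2
    listed=$(mktemp) || return 2
    sed 's/^[0-9a-f]\{64\} [ *]//' "$manifest" | LC_ALL=C sort > "$listed"
    rc=0
    ( cd "$dir" && find . -type f | LC_ALL=C sort | LC_ALL=C comm -13 "$listed" - ) \
        || rc=$?
    rm -f "$listed"
    return "$rc"
}
```

Run `build_manifest` once after writing the data, then `verify_tree` from cron or a systemd timer; a non-zero exit means restoring the listed files from a backup copy.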
>>
>>108543780
I'm not on any RAID.
>home server
>>
>>108543728
makemkv has a full disc backup option, though it does ignore some small things like PS3 identifier xml files, works for both 4k/blurays and DVDs
harder part was finding working UHD drives, I went through 3 LG drives which worked for a while before failing, bought a Pioneer drive pre-flashed from a guy on the makemkv forums which died six months later, and then finally found 2 Pioneer BDR-XD07J-UHD drives listed for sale as used on japanese ebay, with manufacturing dates that indicated they might have old enough firmware to work. I got lucky and both drives work fine and have been for about 18 months, though I haven't ripped anything in a while.
You need particular firmware to rip UHD discs and if the drives are updated to a new firmware (post-2022 or so) then they can't be reflashed with the working firmware.
Pioneer drives are definitely worth the price premium though, even when my LG drives were working they would fail on certain discs or occasionally have read errors and I'd have to start over, supposedly the Pioneer drives have some kind of error correction built-in but they've always worked consistently (and quickly, read speeds are great)
>>
>>108543645
You only need to worry about this IF you power it off.
>>
>btrfs.5#MOUNT OPTIONS
>Most mount options apply to the whole filesystem and only options in the first mounted subvolume will take effect. This is due to lack of implementation and may change in the future. This means that (for example) you can't set per-subvolume nodatacow, nodatasum, or compress using mount options. This should eventually be fixed, but it has proved to be difficult to implement correctly within the Linux VFS framework.
What in the world.
https://man.archlinux.org/man/btrfs.5#MOUNT_OPTIONS:~:text=Most%20mount%20options,Linux%20VFS%20framework.
>>
>>108545099
the only thing that you would want to disable is cow, the rest don't matter as much. you can still disable cow on files/directories.
>>
>>108545125
That is essentially what I've concluded too.
I was just surprised. It was a big assumption I had about how subvolume mount options worked that many guides seem to have too (at least it is now noted on ArchWiki) that is completely incorrect.
>>
>>108543712
>moon phase dvd sets
neato, I just finished watching that the other day.
>>
atime, relatime, or noatime?
I'm using btrfs with snapshots, and I heard that atime can really slow that down in the worst case, but I have one directory full of stuff that I need atime for for a script I wrote to work.
>>
>>108545276
I didn't realize it until 20 years later, but it was largely responsible for my awakening.
>>
>>108527517
you bought a unifi device is the reason.

>>108532031
with VACLs you can get isolation within the segment. same with isolated PVLANs blocking all chatter intra-VLAN. cisco only for VACLs, but juniper has a derivative to VACLs that does the same thing.
>>
I'm stumped, maybe someone here can help.

I'm running a hexos NAS, Truenas Version:
25.10.2.1 - Goldeye
I've been running it for over a year, slightly disappointed with hex so far since it still has nearly no functionality. Everything I do with it is done in the truenas interface instead of the hex interface.
Anyway, I'm running transmission and gluetun has been good for over a year. Until last week. now I can no longer access the transmission webui. Looking at the transmission logs, everything seems to be operating as it should. everything else on the nas like jellyfin works fine. I can manage it from my laptop, I can browse folders using it as a network drive.
I just can not open my transmission webui. I'm somewhat linux illiterate but I have tried running older versions of transmission with no change.
Would anyone have any advice on where or what to look for as to why this stopped working? several days of googling has not helped.
>>
>>108548597
gluetun is kinda shitty. i still use it, but the way it handles firewall rules is... not ideal. you can try restarting it in case the firewalling got confused. if that doesn't work you'll have to dig deeper.
>>
Anons, I have a dilemma. While looking for sso solutions I stumbled upon kanidm and it seems like it has an appealing featureset and something I would like to use in my homelab.

However.

It's made by rustrannies.

So now I'm conflicted. Wat do?
>>
>>108549588
use authentik
>>
>>108549588
pocket id, authelia
authentik is pyshart bloat that will eat 3gigs of ram for no reason
>>
>>108549645
>>108549588
use authentik if youre not a poor jeet
>>
>>108550148
No the other anon is right, 2-3 GB RAM usage for a simple homelab IDM is fucking retarded. I'm running on a mini pc with 16 GB RAM, not gonna waste that with Authentik.
>>
Is PrimoCache a worthwhile program?

Should I...pay for it?
>>
how to build a fanless multi HDD NAS without resorting to external drives or chink N100 motherboards
>>
9300-16i HBAs aren't that bad
>>
>>108550894
9500 is the superior intellectual white man's choice
>>
>Upgrade server
>Go from i5 3470 to i7 8700
>Clone windows installation
>Plex is now often choppy/laggy when playing back on other devices
>All playback is in within same LAN with devices that had no issues previously
What is happening here? All I can think of is cloning Windows is an issue. Google and other search engines take me to forums where people are blaming old hardware, yet this CPU is 8 years more recent than my previous one, and functions well everywhere else. Any transcoding settings I should quickly check?
>>
>>108551709
>Clone windows installation
you should reinstall windows or update it properly so it picks up any extra drivers that it needs like chipset, video, and so on. are there any exclamation marks in device manager?
>>
>>108551709
did you do network tests?
>>
>>108551709
looks like driver issue, do a ddu
>>
>>108551709
motherboard change (in particular when different chipset) = windows reinstall
clone is doable but you'll have to troubleshoot things for a while driver wise for shit to run stable at full speed
>>
>>108548700
I have restarted everything multiple times. I let transmission update, I let hexos update, I've restarted the nas box several times, my router one time. right now I'm running a romancin install along with the exact same gluetun code and it is working fine.
>>
Secondary drive permissions set to root:$user or $user:$user? What do we think /g/amers?
>>
>Device: /dev/sdf [SAT], 1 Currently unreadable (pending) sector
it's probably nothing. probably.
>>
>https://old.reddit.com/r/selfhosted/comments/1se8ara/i_thought_my_vps_was_hardened_but_it_was/
apparently the vulnerability was through the webhost
is there really no way of hardening against this beside choosing a different host that doesn't use the same system as the one that's compromised?
>>
hello, I bought a small SBC arm device with a rockchip3566 and 2gb ram I plan to install openwrt in it and make a router with adblock and unbound dns but configuring unbound on openwrt is a complete nightmare so I installed debian 13 without gui and ssh'd into it and installed pihole and unbound, so it's a dns resolver now, pretty fun project, occupied my mind for a good 4 hours but I feel like it doesn't filter nearly as many ads as I thought it would using the "steven default list", should I add more lists? are there more fun things to add to this project?
>>
>>108553719
not going there and reading shit, don't bring that shit here. use wireguard.
>>
Is it better (read: more economical) to buy an n100 or n150 mini pc to use as a router or buy something like a mikrotik router? I'm looking to get something that can handle gigabit internet behind wireguard as cheap as possible.
Don't know anything about router so making one myself would take some work but I don't mind putting in the work.
>>
I'm looking for a way to create a tunnel between docker containers in my VPS and homelab. Found a bunch of guides and projects to do this with wireguard, but it's unclear to me if I can just follow along without breaking my existing applications that use wireguard (i.e. Pangolin). Most of the approaches seem to screw with iptables and create a wg0 interface. Can I have multiple wireguard tunnels on a single machine? How would I let them coexist peacefully? Would I need to create separate interfaces and use different ports?

Speaking of tunnels into my homelab, I currently have the VPS set up so Pangolin protects endpoints with a login, tunnels into a docker network in my homelab only exposed to Caddy, which then proxies the traffic to my backend services (mostly other docker containers).
Now I did my best to secure the VPS, but since I'm just a bumblefuck dicking around I suppose from the homelab side I should treat the tunnel as potentially hostile as the rest of the internet. Only being exposed to Caddy limits the blast radius somewhat, but I still feel like there should be something of a firewall between the wg tunnel and Caddy. Any proper solutions for putting a firewall between docker containers in a docker network?
>>
>>108543754
Yes but do you have an identity provider and run those 40 containers behind a reverse proxy. What kind of vnet?
>>
>>108554785
you can just slap openwrt on it and wa la
>>
>>108554773
>use wireguard
he did you spastic
>>
>>108554785
mikrotik is what you're looking for, n100/n150 minipcs are chink tier designed to be clients that will eat you more time and money than the mikrotik one
>>
>>108554557
why do you want unbound so badly? install adblock fast and smartdns. openwrt ships with dnsmasq, which is fine.
>>
>>108553719
Possibly fake, possibly some user error he didn't disclose, or possibly an issue with the host.
There isn't enough information to say.
I wouldn't worry about it. If it's a novel attack, it'd be weird for them to just use it on some random and run masscan. If it is with the host and it isn't novel, they'll probably fix it pretty quick.
This guy was the unlucky one who suffered as the "canary" for the issue, wherever it was, but it's unlikely to happen to you. That's all assuming he isn't making it up and it wasn't user error.
>>
>>108550362
Does it respect your freedoms? If so yes. If not no, never give a cent to software that does not respect your freedoms
>>
>>108552658
Per-directory just like everything else, physical drives don't matter
If it's a data array that you use to store media for example, I'd put it as $user:$user because it's the kind of shit I'd put in my /home directory
If it stores a bunch of data specific to a program, the kind of shit that would go into /opt or /var, then give it appropriate permissions, whether that be $user:$user or $daemon_system_user:$daemon_system_user

If the secondary drive is used for multiple things then set the directory permissions accordingly, e.g. /mnt/drive2 as $root:$root, /mnt/drive2/media as $user:$user, /mnt/drive2/some_daemon_cache as $daemon:$daemon, and so on
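Added example, not the poster's code: the per-directory layout described above written as a policy file and checked with a small audit function, so drift (a directory re-owned or opened up to everyone) shows up on the next run. The function name, the policy format (`path uid gid maxmode`, numeric ids) and the sample ids in the comment are assumptions; it uses GNU `stat -c` and does not follow symlinks.

```shell
#!/bin/sh
# Added example: audit a mounted data drive against an ownership/mode policy.
# The policy format and function name are hypothetical.
#
# Constructed sample policy for the layout in the post
# (0 = root, 1000 = the login user, 999 = a daemon's system account):
#   # path              uid   gid   maxmode
#   .                   0     0     755
#   media               1000  1000  750
#   some_daemon_cache   999   999   750

# audit_layout ROOT POLICY
# For each policy line, check that ROOT/path exists, is owned by uid:gid and
# has no permission bits set beyond maxmode. Prints one line per violation
# and returns 1 if any were found, 0 if the tree matches the policy.
audit_layout() {
    root=$1; policy=$2; bad=0
    while read -r rel uid gid max; do
        # Skip blank lines and comments in the policy file.
        case $rel in ''|'#'*) continue ;; esac
        path=$root/$rel
        if [ ! -e "$path" ]; then
            echo "$rel: missing"
            bad=1
            continue
        fi
        owner=$(stat -c '%u:%g' "$path")
        mode=$(stat -c '%a' "$path")
        if [ "$owner" != "$uid:$gid" ]; then
            echo "$rel: owner $owner, expected $uid:$gid"
            bad=1
        fi
        # Bits present in the actual mode but absent from the allowed maximum
        # (leading 0 makes the shell treat both values as octal).
        extra=$(( 0$mode & ~0$max & 07777 ))
        if [ "$extra" -ne 0 ]; then
            echo "$rel: mode $mode grants bits outside $max"
            bad=1
        fi
    done < "$policy"
    return "$bad"
}
```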
>>
>>108553719
The host literally has physical access to your shit. If some employee decides he wants to fuck around with your shit for shits and giggles, and fuck YOUR vps in particular, there is absolutely nothing you can do. If the host is retarded and their management layer gets infected somehow, there is nothing you can do.
You try to choose hosts that are trustworthy and that you hope aren't going to be compromised or have rogue employees. Big ones like hetzner or OVH don't really have stories of this as far as I'm aware.
Or you host your HOME SERVER at home like a normal person.
>>
>>108554557
DNS-based adblocking is inherently imperfect because a lot of ads are first-party now
But yes adding more lists may still help, check the ublock default lists available, usually a single list is not going to be perfect
>>
>>108558034
but i camped out on lowendtalk and found some dude with an ancient xeon system running a hosting business in his spare time that had really good deals!
>>
>>108551767
>>108551956
>>108552041
Thanks all, it is indeed a new CPU and motherboard etc. nothing in device manager but I'll go for the reinstall.

>>108551811
I did not. It functions everywhere else both internally and externally network wise, any specific tests to run? Just tracert to my router or something?
>>
>>108558040
>ublock default lists
I found the lists
https://github.com/uBlockOrigin/uAssets/tree/master/filters
do I have to add them one by one or is there a way to get them all at once?
>>
>>108524674
yeah sounds like a cool project. The only thing to be careful about is to think about what you use it for beforehand and see if the machine is good enough. Especially a mini PC like this, you'll have a harder time upgrading it once you want to do more demanding stuff
also for ROI, remember that electricity also costs some money
>>
RIP wireguard
was fun while it lasted
>>
>>108558401
I require context
>>
I have a Terramaster T9-500 Pro on which I have been running Unraid for about a year. I have the Unraid Starter license, which limits and if I want to use more than 3 of the 9 bays, I now have to pay.

Is Unraid still the best option in 2026 if I want something relatively secure and user friendly that works with mixed drives and doesn't require me to devote my whole life to it? My realistic use case is currently storage and running docker containers.

If something else is a better option, are there realistic ways to switch from Unraid to something else without having to transfer all my files to a third party storage service while I install / convert / reformat with the new os? I want to make sure before paying for the Unraid upgrade, but feeling like I might be a bit stuck either way.
>>
>>108554785
both options aren't very hard, you could decide solely on price if you want. N100 might already be overkill and you could get something cheaper, just check if OpenWRT runs on it or OPNSense if you want more features
mini pc will allow you to more easily host more shit on your router if you like to live dangerously. the cpu is already a bit overkill for that. (mikrotik will also allow you to do stuff like vpn on the router, though)
>>
>>108558413

>>108557841

You just know this is the tip of the iceberg. You will need face ID for each peer or some shit. it sounds retarded but i can guarantee you some EU law is being written on this as we speak.
>>
>>108559123
That's more like RIP windows than RIP wireguard to me
Who the fuck cares about windows, the only people using wireguard on it were normies doing so unknowingly through the NordVPN client they installed using their favourite youtuber's discount. These shitty VPNs can just seamlessly default back to OpenVPN and users will not care a single bit.
>>
>>108559123
based microsoft, what are all these people hiding under their wireguard? why are they so afraid? certainly not good things
>>
>>108558483 (me)
I have bought an Unraid licence. If the Unraid dev takes the money to go commit a crime then it is all on you.
>>
>>108518898
k3s, but yes. You’re also using k3s. So is TrueNAS Scale. Do you install things via Helm charts? Or are you rolling your own installation scripts? Or worse yet, doing it all manually?
>>
>>108559399
at this point everyone should just be using debian for the home servers, you can install anything into it nowadays and it just werks and u're not dependent on some project that can be closed source at any time or paying a company
>>
Could something like a "BLUETTI Portable Power Supply" serve as a UPS? They claim it can...
>>
>>108523029
One stop shop for degen porn addicts to get their fix in whenever they need, without the use of Jewish porn sites directly
>>
File: an horse.png (68.3 KB)
>>108559442
>at this point everyone should just be using debian for the home servers
I just wish they had a longer cycle. I installed Bullseye sometime during the pandemic on a dozen servers and now I have to upgrade.
>>
>>108559753
*Sorry wrong pic
>>
File: 7.jpg (77.3 KB)
>>108559123
I want to get off Mr Bones' wild ride.
>>
>>108559400
Helm + ArgoCD, we full gitops baby.
>>
>>108524924
I’ve used both ansible and Helm. I much prefer Helm, but I started there. Terraform was an interesting choice, but the statefulness of terraform really bugged me. Luckily didn’t need much of the capabilities of it, so just didn’t bother.
>>
>>108559843
Good, good. Helm is quite honestly all someone needs aside from ArgoCD. Just pushing changes to a repository and having it deploy is great
>>
>>108559919
That plus renovate. I just get a little notification on my phone, go merge the pull request and shit's updated. Very comfy.
>>
>>108559762
you can use ubuntu LTS I guess to the same extent, 3 year cycles are alright by me, 4 would be better tho
>>
>>108560018
i wish it had some sort of notification about the need to update
i totally forgot and had no idea it's out of support
apt update kept saying "All packages are up to date" so didn't think much of it
>>
Is there a better alternative to Calibre-Web? My main gripe is that it can't pick up books from the drive and requires using the web interface for upload (the other gripe is that shelves cannot be shared between users).
I looked at Kavita but it seems to be more manga-oriented and insists on putting everything into "series" (also, the owner seems to be angling towards a "freemium" approach, so I expect a rugpull on free tier users a-la Minio).
Also looked at Booklore but the maintainer threw a fit and immolated the project.
>>
sup hsg
are you using your homeserver for goonin?
>>
>>108560996
yeah
>>
>>108560697
? i have an ingest dir that my calibre scans. it just defaults that way.
>>
>>108561218
Is that a dockerized calibre or https://github.com/janeczku/calibre-web? Because I'm talking about the latter
>>
>>108561335
crocodilestick/calibre-web-automated is the docker image I use. it has a webui, but I mostly just use it with koreader.
>>
>>108561335
>>108561365
Calibre web and Calibre Web Automated are two different things
>>
>>108561422
k
>>
>>108561422
I guess I should finally migrate to CWA then.
>>
>>108561474
cwa is almost as much of a shitshow as booklore was
if you run calibre along with calibre-web your problem with books not being picked up would be resolved
>>
>>108562267
> cwa is almost as much of a shitshow as booklore was
What's the problem there? Maintainer also being an ass?
>>
>>108562622
he's rude, but the program is also very unstable and he doesn't mind pushing out untested updates that corrupt your files
i really don't understand why ebook software has to have so much autistic drama compared to other media stuff
>>
>>108562644
> i really don't understand why ebook software has to have so much autistic drama compared to other media stuff
Makes that two of us anon.
My theory is that it's a niche media type. Fewer and fewer people actually read for fun. Only some of these people read ebooks (the haptics of a paper book still hold allure for some). Only some of these people still are willing to engage with self-hosting, DeDRM, or actually handling files, instead of "click buy on amazon, the book appeared on my kindle". The smaller and more niche the community - the more dedicated (aka autistic) the people that do end up in it.
>>
Do you guys block traffic from entire countries/regions?
Is there any downside to doing it?
>>
I run a debian server on an i5, with only 250 GB ssd total storage. I have dockers and systemd services running to provide apis for many websites. I'm gonna squeeze all the juice out of this bad boy. What suggestions for upgrade do you have?
>>
>>108564479
>max out ram
>add fast storage for system partition
>make use of all SATA ports
that's pretty much it, I added NVMe to my i7 server using a PCI-e to NVMe adapter and the difference is night and day
>>
>>108509526
After I put opnsense on a chink 2.5Gb ethernet sbc, I need a switch and a wifi AP right? The wiki recommends >100$ Mikrotik with 8 1Gb ports, but isn't that overkill?
>>
>saved up money for new hard drives
>look at market again
>they've all gone up in price by a substantial amount
I'll never get drive at this rate :( Damn this clown market
>>
>>108564720
fuuuuuuuck I just saw the 20TB HDDs went from 300 to 600$ should've bought more at the time
>>
>>108564655
depends on whether you need vlans mostly.
>>
>>108564655
minimum 4 unifi e7 + a few unifi 10g switches
>>
>>108564720
the same hdd i bought last october has doubled in price. grim time we're in.
>>
https://www.tomshardware.com/tech-industry/cyber-security/go-maintainer-joins-collective-klaxon-about-encryption-breaking-quantum-computers-developer-urges-immediate-switch-to-post-quantum-methods-to-prevent-worldwide-disaster
>google
>cloudflare
>golang
why are they all talking about this? do they know something they can't talk about?
>>
>>108558483
SnapRAID and MergerFS maybe. That's what I am going with.
I think it's crazy people pay for Unraid.
>>
>>108565675
snapraid and mergerfs are crap. use real raid.
>>
>>108565641
https://words.filippo.io/crqc-timeline/
blogslop but it explains why this is suddenly happening
>>
>>108564655
just be careful if you buy one of those cheapo tp-link managed switches. they leave the management interface open to all vlans which defeats the purpose of having vlans
>>
>>108564074
Why would blocking India ever be a bad thing? If you find a website not working, now you know you shouldn’t care. It’s Indian. And you know what we do with garbage? We throw it away properly.
>>108565641
NSA and other Intel agencies across the world have employed measures that boil down to “capture and store.” They may not be able to read the encrypted data NOW, but they know they will eventually. Quantum computing is the thing that is rousing a lot of concern.
>>
File: smart kot.jpg (117.6 KB)
>>108566175
It's not just India, but also Pakistan, Bangladesh, Israel, Nigeria etc.
So far nothing has broken, so I guess nothing worthwhile is hosted there.
>>
>>108564074
If anything I would block everything and just whitelist things as needed
>>
>>108565855
Elaborate on your point rather than just asserting it and I might listen.
>>
>>108566197
> posted here
Anon, you know these servers aren’t hosted in any of those places, correct? Why would blocking traffic from India suddenly make the forum fail? Do you think this is a p2p messaging system lol?
>>
>>108566197
Disregard
>>108566289
I’m exhausted as I’ve just had my first son. I misread what you wrote.
>>
>>108564074
i blocked china from my torrent server. all of the chinese clients used weird software that downloaded slowly and never uploaded anything.
>>
new >>108567405
>>
>>108524670
Does your ISP not give you IPv6?
