/g/ - Technology






File: 1641683324077.png (1.42 MB, 1833x772)
loli poster checking your need for a home server edition.

READ THE WIKI! & help by contributing:
https://wiki.installgentoo.com/wiki/Home_server

>NAS Case Guide. Feel free to add to it:
https://wiki.installgentoo.com/wiki/Home_server/Case_guide

/hsg/ is about learning and expanding your horizons. Know all about NAS? Learn virtualization. Spun up some VMs? Learn about networking by standing up an OPNsense/pfSense box and configuring some VLANs. There's always more to learn and chances to grow. Think you’re god-tier already? Set up OpenStack and report back.

>What software should I run?
Install Gentoo. Or whatever flavor of *nix is best for the job or most comfy for you. Jellyfin to replace Netflix, nextcloud to replace Google, ampache to replace spotify, the list goes on and on. Look at the awesome self-hosted list and ask.

>Why should I have a home server?
Learn something new. De-botnet your life. Serving applications to yourself, your family, and your frens feels good. Put your /g/ skills to good use for yourself and those close to you. Store their data with proper availability, redundancy and backups, and serve it back to them with a /comfy/ easy to use interface.

>Links & resources
Server tips: https://anonbin.io/?1759c178f98f6135#CzLuPx4s2P7zuExQBVv5XeDkzQSDeVkZMWVhuecemeN6
RouterOS's: https://wiki.installgentoo.com/wiki/Home_server#Custom
https://github.com/Kickball/awesome-selfhosted
https://old.reddit.com/r/datahoarder
https://www.labgopher.com
https://www.reddit.com/r/homelab/wiki/index
https://wiki.debian.org/FreedomBox/Features
List of ARM-based SBCs: https://docs.google.com/spreadsheets/d/1PGaVu0sPBEy5GgLM8N-CvHB2FESdlfBOdQKqLziJLhQ
Low-power x86 systems: https://docs.google.com/spreadsheets/d/1yl414kIy9MhaM0-VrpCqjcsnfofo95M1smRTuKN6e-E
Cheap disks: https://shucks.top/ & https://diskprices.com/

previous >>87968073
>>
File: 1638806790104.png (44 KB, 661x716)
>>87983146
This thread is going to be epic guys, I can just feel it in my bones.
>dies within 5 hours.
>>
File: FZBMLSCWQAEPAZw.jpg (429 KB, 1638x2048)
Why are faggots in the business using bloatwares like Chef, Puppet, Ansible, when there is a great tool coded in C, with small footprint and called CFEngine ?
>>
File: 1643578734594.jpg (33 KB, 657x527)
>>87983314
have you ever used cfengine? it's fucking shite. that's why there are so many popular competitors that slam dunked it out of relevancy.
>muh bloat
just werks and not using a 2004 computer.
>>
>>87983314
I got my job because I learned on my server. Now I want to learn those on my server to use them efficiently at work and spend more time being paid to shitpost in /hsg/.
>>
>>87983385
Ofc, I wouldn't be asking else. I'm using it for 8 years combined with Git and hooks. It just werks.
but it's true it's the most obvious versioning diff shit ever for wannabes.
>>
File: LD0005681033_1.jpg (705 KB, 1600x1600)
how will Taiwan's invasion impact /hsg/
which will be the first components depleted from stocks ?
>>
File: 1659420328613383.jpg (725 KB, 4096x3624)
Does anyone use LSIO's transmission docker container with a VPN, or does everyone just use haugene's? I see that they both have 100M+ downloads, so who are all these people running LSIO's transmission, are they running it through a VPN and if so, how, or are they just raw dogging it?
>>
Does anyone use sw from coom.tech?
Honestly, making sw for the purpose of fapping is the most thrilling thing ever.
>>
>>87983921
>are they running it through a VPN and if so, how,
gluetun or any other VPN client container with firewall set to avoid leaks. Then you can make any other container use the VPN by adding
network_mode: service:vpn-container
in docker-compose.
>>87983960
>sw
what
>>
>>87983960
back you go, coomer.
>>
>>87984048
Software
>>
>>87984048
Thanks. So just to be clear, I'm using NordVPN, I can just add
version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=nordvpn
      - OPENVPN_USER=abc
      - OPENVPN_PASSWORD=abc
      - SERVER_REGIONS=Netherlands

to my yaml under my qbit and obviously fill in the U/N and password and add
network_mode: service:vpn-container

to my qbit compose and it should just werk? Damn docker is amazing
>>
>>87984177
kek, replace
>vpn-container
with the name you've set for the VPN container (or service, actually). Here you've set it to gluetun.
>Damn docker is amazing
It's pretty nice sometimes, yeah.
>>
>>87984220
Lol see I actually knew I needed to replace vpn-container with something but I thought I had to replace it with NordVPN or something
But you're saying set it to gluetun?
I'm still having trouble picturing the like, structure of docker containers in my head. What talks to what, what's saved where, it's all a bit of a fuzzy black box to me right now. But thanks for your help, I'm trying to grow some braincells lol
>>
>>87984309
In general Linux containers are like that: they have separate filesystem, separate mountpoints, separate network stacks, separate process tree, can have separate user IDs, etc. - for most intents and purposes they behave as if you had another OS in a box. Compared to VMs, however, they aren't virtualized - they share Linux kernel with host OS and all other containers, which means they're very lightweight.
Now stuff specific to Docker containers. It's a tool made first and foremost for software developers, but it happens to be decent for deploying stuff on home servers too. Compared to regular containers like LXC, Docker containers are usually volatile and pack only one "app" inside. They're built from image that has just what the app needs, you mount them some directories (or volumes) from host to persist data that needs persistence (like qBit config dir and directory for downloaded files), so stuff will be saved where you want it. You update containers by pulling new images and rebuilding containers, so everything gets wiped fresh except for those directories. That's handy imo, you can have all your services organized in one directory rather than thrown around /etc, /var, /usr and so on.
What you're doing by that network mode line is telling docker-compose to create the qBit container, but borrow entire network stack from the VPN container rather than have its own. gluetun immediately configures its own firewall to lock other traffic and sets up VPN tunnel for itself, and since you have qBit use whatever gluetun has it will also be routed through VPN. There's one inconvenience: any network stuff you'll want to do will have to be done on the gluetun containers, so e.g. forwarding port to qBittorrent web UI - you put that forward on gluetun container instead.
Also add a
depends_on:
  - gluetun

to qBit to make sure it waits a few ms until gluetun starts so the latter has a few ms more to configure firewall.
>>
>>87984479
>There's one inconvenience: any network stuff you'll want to do will have to be done on the gluetun containers, so e.g. forwarding port to qBittorrent web UI - you put that forward on gluetun container instead.
Okay, so your whole post made sense (thank you, by the way, very helpful) but this part I'm a little hung up on. Why would I forward a port to qBit's web UI? So I can make changes to it from outside the local network? And you're saying to do that I'd have to port forward on gluetun rather than qBit, because qBit is looking to gluetun for all its network info?

According to https://github.com/qdm12/gluetun/wiki/Connect-a-container-to-gluetun using depends_on is unnecessary, is that correct?

Also, super stupid question but I've never used OpenVPN, so I guess I have to make an OpenVPN account so I can fill those variables?

Again thanks for spoonfeeding me, I'm having a hard time learning this stuff by just RTFM because it seems like everyone does it just slightly differently
>>
File: z06H24z.jpg (1.02 MB, 4032x3024)
bamp
>>
>>87984177
make sure you put healthchecks on your containers otherwise they could lose connection and leave you scratching your head.

I have a wireguard container connecting to my VPN of choice and it pings out to (google) every 6 minutes. if that fails twice it's marked as unhealthy.
likewise on my qbit container I have it check if the wg0 network interface is available (side effect of the wg container restarting) every minute. if not, unhealthy.
then I have autoheal restarting the unhealthy containers.
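
An added example, not part of any post in this thread: one compose file that combines the shared network stack explained in >>87984479 with the healthcheck-plus-autoheal setup described in the post above. The qBittorrent image, host paths under /srv, the `${NORDVPN_USER}`/`${NORDVPN_PASSWORD}` variables, the `tun0` interface name (OpenVPN instead of that anon's `wg0`) and the autoheal image are assumptions.

```yaml
# Constructed example; adjust names, paths and credentials to your setup.
version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN                    # lets gluetun create the tunnel and its firewall rules
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - VPN_SERVICE_PROVIDER=nordvpn
      - OPENVPN_USER=${NORDVPN_USER}          # assumed to come from a .env file, not committed
      - OPENVPN_PASSWORD=${NORDVPN_PASSWORD}
      - SERVER_REGIONS=Netherlands
    ports:
      # qBittorrent has no network stack of its own, so its web UI port
      # is mapped here, on the container that owns the stack.
      - "8080:8080"
    labels:
      - autoheal=true                # the image ships its own healthcheck; autoheal acts on it
    restart: unless-stopped

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent    # assumed image
    # Borrow gluetun's network stack: all traffic leaves through the VPN
    # or is dropped by gluetun's firewall. No ports: section is allowed here.
    network_mode: "service:gluetun"
    environment:
      - WEBUI_PORT=8080
    volumes:
      - /srv/qbittorrent/config:/config       # persisted across image updates
      - /srv/qbittorrent/downloads:/downloads
    healthcheck:
      # Unhealthy when the tunnel interface is gone, e.g. after gluetun restarted
      # and this container is left attached to a dead network namespace.
      test: ["CMD-SHELL", "test -d /sys/class/net/tun0"]
      interval: 1m
      retries: 2
    labels:
      - autoheal=true
    restart: unless-stopped

  autoheal:
    image: willfarrell/autoheal               # assumed image for the "autoheal" mentioned above
    environment:
      - AUTOHEAL_CONTAINER_LABEL=autoheal     # restart only containers labelled autoheal=true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped
```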
>>
>>87986215
Fuck, I've never even heard of this before. I'm in over my head a bit. What does it mean for a container to be healthy or unhealthy?
>>
DNS propagation is gayer than I am
>>
File: 1651704801268.png (507 KB, 1200x887)
>>87983664
>>
>>87986824
You missed that 7% bizbro?
>>
Also, docker noob here, question about where I should be storing my config files for my docker containers. I'm running a little bitty media server off an Rpi4 and while I was reading a lot of places said that the config files could get pretty big, so I opted to save them on the external HD that I have plugged into my Rpi (the same HD that has the media stored on it). Is this fine? My yaml file is in /etc/opt/docker-compose.yaml but my configs are in /media/anon/Elements/configs (Elements is what the HD calls itself I just decided not to fuck with it)
>>
You do have a dedicated porn server, right? I do. I got a server just for my porn. I have another for the more harmless ho hum stuff. Both are backed up. So I've got a dedicated porn backup server too.
>>
>>87986924
why
>>
>>87986924
you should be glad to lose your porn collection.
>>
I'm going to slap a pair of cheapest vrla batteries I can find within a reasonable driving distance into my ups. Will this kill me?
>>
>>87985043
>Why would I forward a port to qBit's web UI? So I can make changes to it from outside the local network?
Sorry, I should have said "map a port". You know, add it in ports: section in compose to be able to reach it from local network.
>because qBit is looking to gluetun for all its network info?
Yeah.
>using depends_on is unnecessary
Oh, good to know.
>so I guess I have to make an OpenVPN account so I can fill those variables?
I think if gluetun has explicit support for nordvpn it will be able to download OpenVPN profiles for it when you give it nordvpn login and password. If not, you can download the profiles from Nord's site and still use them manually.
>thanks for spoonfeeding me
You're welcome, this stuff can take a moment before it all clicks together.
>>87986758
Look up Docker healthchecks, it's a nice feature that lets you run some command every x seconds or minutes and restart the unhealthy containers automatically. Though gluetun's Dockerfile has a healthcheck declared already, so you don't need to do that yourself: https://github.com/qdm12/gluetun/blob/master/Dockerfile#L189
>>87986923
I usually keep the composes and container data in /srv on my SSD. Yours probably is fine too.
>>
>>87987522
OK, so in your opinion it would be easier for a moron like me to just run qbit + gluetun instead of something like https://hub.docker.com/r/haugene/transmission-openvpn which just seems like both in one? I'm really never going to be using a torrent client without the VPN up, so maybe the haugene container is better for me? It also has over 100M downloads so I figure if something goes wrong it won't be too hard to ask online to troubleshoot
>>
>>87983664
Good bye AsrockRack, we'll miss you
>>
>>87983146
daily reminder that windows home server was an actual thing that people paid for
>>
Evens I turn my desktop into server
Odds I don't
>>
Reposting from last thread just to be sure I am on the right track:
>>87971977
Yeah I thought about just self-signing, but then I thought in the event I ever want to share something with a friend it would be nice to just open a port and give them a domain to go to.
>DNS based validation
Stupid question, but this just means I need a separate DNS hosting service right? Like we've been talking about.
>The other issue is that on free tier Cloudflare doesn't like people streaming video
So assuming I understood correctly if I don't use proxying and just use their DNS hosting, video streaming or MITMing my traffic is not an issue right? Can't see how it would be.
>>
File: gateway.webm (2.77 MB, 1975x1000)
anyone else hosting their own homepage?
I have practically no web design experience, but I whipped this up over the weekend and plan to add all my favorite links and my home server services to it
>>
>>87988949
what the fuck man...
>>
>>87988960
its a bit outdated sure and I have no ability to do graphic design so it's all stock photos and shit, but it's a bit of fun.

It's sort of meant to look like the mech commander 2 main menu screen, but I didn't realize that's what I was doing until I added that LED scroller, it just sort of happened to turn out like this
>>
File: screencap (1).gif (491 KB, 1735x1008)
>>87988949
((not my actual bookmarks))
>>
>>87989000
looks neat! when you click on the social tab, it moves the dev tab to the other column, is that on purpose or just because of an arbitrary div height?
>>
>>87987963
Both are approximately as easy. Having separate VPN container will help if you want to hook some other container to it later (e.g. Jackett), and if you do it will use only one VPN connection for all of them.
>>87988141
It's not a bad idea you know.
>>87988413
>then I thought in the event I ever want to share something with a friend it would be nice to just open a port and give them a domain to go to.
Good point.
>but this just means I need a separate DNS hosting service right?
No. Just have your DNS records hosted at e.g. your domain registrar (OVH in my case) or Cloudflare, any place that has a supported API will do. Then generate API keys for editing domain records there, and pass it to Caddy. When it asks LE for wildcard cert, LE will tell it to prove that you (Caddy) own the domain by adding a temporary TXT record with some random characters.
>if I don't use proxying and just use their DNS hosting, video streaming or MITMing my traffic is not an issue right?
Correct, one of my domains is set up like that and it werks.
>>87988949
This is what 90s internet would look like if we had the current technology back then. Excellent job anon.
I don't have a homepage, browser history remembers my URLs well enough, but was looking into Homer since it looks decent and is configurable via a yaml file which also is extremely easy to automate in Ansible.
>>
>>87989000
>>87988949
hello what year is it
>>
>>87989009
Yeah it's just shoddy css, I've had some variation of this for years

>>87989173
old habits die hard
>>
File: file.png (821 KB, 1280x720)
>>87989173
I intentionally went from my flatshit modern template to this because I'm one of those people who are starting to hate modern design, and this feels really nostalgic

picrel is what I had in my head, one of the first video games I ever really played
>>
File: file.png (24 KB, 1189x419)
>>87988949
did for a while several years ago but too much effort to update links cus shit just keeps dying
>>
What is the best http download manager for the server? I use vnc/jdownloader right now, using it sucks. I saw something called aria2 with a proper web interface, is it good or something else?
>>
>>87989876
Fuck it seems like only jdownloader supports parsing one-click hosters which is the main reason I use it...
>>
>>87988949
Based and boomer pilled. I like it.
>>
what kind of home server technology can help when I sit down to put on a movie with my family and it ends up being shit and none of us wants to admit it out of politeness in case someone else is enjoying it?
>>
>>87989876
jdownloader has a web interface, but you need to use their servers to access your server. Similar level of treating users as retards like Plex.
>>87990086
Jellyfin streaming to your phones instead of TV, everyone watching something else.
>>
>>87990086
>whole family is beta and can't state they don't like what they're watching
yikes
>>
Bros, I've officially fallen for the ECC meme.
>>
>>87986081
needs more drives, surprised that aio hasn't died yet, that model has a habit of failing prematurely.
>>
File: 1646683690659.png (1.58 MB, 3350x1698)
>>87988949
lmao, this is based.
if you want a premade and maintained one, heimdall is a good choice.
has some status/health features for some plugins, which can be nice.
>>
>>87990086
>Not immediately telling everyone how shit this movie is
ngmi, introvert.
>>
>>87986081
that's pretty sweet anon
>>
>>87988099
well yeah but it had the feature of being able to pool drives, something that was pretty much unheard of at the time (in contrast to raid)
>>
File: 1602878090774.jpg (167 KB, 1024x1365)
>>87990920
it probably has, it's not mine and it looks like an old pic
>>
>>87990823
i mean i know 4chinners are the bundliest of the bundle of sticks but yikes you just hade to go and somehow make it even gayer. congratulations
>>
>>87989173
I only discovered this concept a month ago
>>
>>87986865
I thought it was 10% for the big guy.
>>
>>87991365
sick
>>
>>87989306
Which links were dying?
>>
>>87991663
Could be. I'm just happy VFV is above $93 again
>>
>>87991365
what are the drive temps on something like that?
>>
File: 1519626966722.gif (817 KB, 500x500)
Boys it's time for me to buy a new gateway. I intend to put Pfsense on it. Anyone got one that can support Pfsense that they like? Was looking at the Netgate 2100 except they're all on backorder at the moment.
>>
>>87992405
>Pfsense
Consider OPNsense. Software written by adults who don't aim to hurt both their users and users of upstream OS (look up what they did to get WireGuard bragging rights) and don't bully sister project devs (Netgate did).
As for hardware just get a thin client computer and put i350-T4 card in it, or use a managed switch and have the computer be a router on a stick.
>>
>>87992559
>In November 2017, a World Intellectual Property Organization panel found Netgate, the copyright holder of pfSense, used the domain opnsense.com in bad faith to discredit OPNsense, and obligated Netgate to transfer domain ownership to Deciso.
Yeah...Didn't know about all that. I can't support that shit.
I'd really rather not have to put another computer in my apartment. Space is a concern for me and my 5'x5' no man's land of old computers and wires is getting cluttered. What were you thinking for a thin client? If I were going that route I was thinking something small like an Intel NUC or similar but I don't think I could put an i350-T4 in it.
>>
>>87992800
HP T620+ is a popular oldish box to use as a thin client router, has a PCIe slot for the external NIC. My router is a 1L tinyminimicro with Celeron, but I needed a managed switch to plug more stuff in it. Either way those machines are pretty compact, my setup is just twice as thick as a typical wireless router, similar dimensions otherwise.
Or if you're feeling lucky you can have your server also be your router.
>>
>>87991365
you plugged a power meter into that?
>>
>>87989094
>Both are approximately as easy. Having separate VPN container will help if you want to hook some other container to it later (e.g. Jackett), and if you do it will use only one VPN connection for all of them.
Would I need to run Jackett/Prowlarr through a VPN? It should be mostly https traffic anyway, I've been raw dogging jackett for like a year and never heard boo from my isp
>>
>>87988949
holy SOUL
>>
>>87994166
>Or if you're feeling lucky you can have your server also be your router.
I might have Irish blood in me but I'm not THAT lucky.
But thank you for the recommendations. Very much appreciate it, I'll take a look
>>
Any better way of making database-free photo albums other than symlinks? Symlinks are not recognized by gallery software on android or something like pigallery.
>>
Remember when I, anon, used to say that "GUI server distros" were a bit inflexible and you'd be bound to hit some silly barriers when at some point you try to do something that's unexpected by the web UI?
Well, I've decided to try those distros today and within minutes of using TrueNAS Scale got to pic rel. A bit of a shame, aside from this and using Kubernetes to run containers (??????why???) my first impressions were decent.
Next up: the BSD based TrueNAS Core and OpenMediaVault. Maybe will try Unraid, but >selling Linux and their proprietary storage stack don't seem like advantages to me.
>>87995310
That's in case you don't want to give your IP to private trackers. Some are fine with VPNs for website browsing (which is what Jackett does), some aren't.
>>87996234
Hardlinks?
>>
>>87996465
>the BSD based TrueNAS Core
Yeah, installer doesn't boot from Ventoy, and I don't feel like looking for a dedicated pendrive to write it to. Had same issue with OPNsense installer, so it's not TrueNAS fault that's for sure.
Let's see how much OMV changed since last time I saw it and had mixed feelings.
>>
For the interested:
Partial list of names of Celsius debtors (6000 pages)
https://cases.stretto.com/public/x191/11749/PLEADINGS/1174908032280000000008.pdf
>>
>>87996465
>>That's in case you don't want to give your IP to private trackers.
Ah, those invite only sites? I don't use any of em anyway so shouldn't be a problem right?
>>
Can I use a spare PC with a VPN + killswitch as simple data storage for torrents?
>>
>>87996694
If you don't mind your ISP knowing you visit torrent sites (but not that you use BitTorrent protocol itself - since that's going through your VPN now) then it's fine.
>>87996744
Yeah.
>>87996535
OMV has Debian based installer, but so far
>froze after DHCP screen
>after restart failed to install GRUB
>after restart failed to install system itself
Not a great look, but I recall some issues with Debian installer on this smol PC anyway. I'll retry in a moment, but I'm adding Yunohost to the testing queue, I liked the idea of LDAP for all apps there. What I didn't like was usage of custom packaging scheme rather than Docker and docker-compose.
Another one I wanted to try is Umbrel, which does leverage docker-compose at least, but it's still WIP and much less known. Also devs had some interesting design choices, like providing free backup of config for users. Might seem weird, but given that Umbrel originally was just a nicer wrapper around Bitcoin and Lightning nodes, well, it sorta makes sense. /etc is a few kilobytes anyway.
>>
>>87996796
>Yunohost installer is also based on Debian
>and fails in its own spectacular way
I know it might be surprising to have a 2014 tinyminimicro with both NVMe and garbage HDD inside, but come on, that shouldn't be so difficult to handle. Unsurprisingly installing Arch earlier, even with archinstall, went fine the first time.
>>
>>87996465
>Hardlinks?
Cheers
>>
>>87996796
Hey, as far as they know, I'm just hunting for public domain films.
>>
>>87996909
I got both to install on the garbage HDD, but OMV got stuck on blank cursor after reboot and Yunohost got me to an install with no web interface available and root access not working.
I don't mean to shit on their parade, but yeah I'm still wary of those distros I guess. I hoped that maybe OMV could have been good - set storage and network file shares via web UI, then setup containers via CLI or some basic web UI too. But I didn't feel good when I saw a Docker-GUI plugin pretty much abandoned twice (once by original dev in 2017, then again in 2020 by some other dev).
>>
File: 1640722220142.png (242 KB, 1194x1102)
we're going SMOL once again bros, just can't turn down these things.
>>
>>87997509
Got OMV to boot, shit, the web UI is more clunky than setting it up in CLI imo.
>>87997786
>tfw those are 1000+ eur here
amazing
4 gen is still good right :')
and like the only one affordable, that and 6 gen
8 gen goes to 250-300 range
>>
>>87997835
seem to be the cheapest tiny/mini/micro with a 10500t, they are about 260 britbongs here off ebay. not bad for a 6c12t
>>
>>87990086
Your family sounds sweet anon.
>>
Any reason I shouldn't wipe my 1 and 0,5 TB drives I was originally using as a Raid 1 NAS and put them into Raid 0 to use as a secondary remote backup? I don't really care if the array fails since it's highly unlikely to fail concurrently with my new Server's Raidz2.
>>
>>87998427
I'd pool them with mergerfs instead. No redundancy, no minor speed bump, but if one fails you don't lose data on the other.
Side note, are 3.5" HDDs really the best option for offline backup >1 TB? I wanted to buy a 2.5" but once I get to 2 TB they're too expensive for the capacity. I also thought about having two 2.5", 1 TB each and scripting backup to wait until both drives are plugged in, but that's still weird. 3.5" HDD would require external power supply unless I keep the drive naked and put it in a HDD toaster.
>>
lidarr, but for slsk?
is this even really possible?
>>
Feelsgoodman, finally got rid of TrueNAS and moved the ZFS over to a FreeBSD VM.

For some reason TrueNAS ground to a halt inside VM after 12.0U5 or so, and I didn't bother troubleshooting it further as it was borderline unusable at OS level, and didn't even manage to load web UI.

Seems that FreeBSD has a nightly autoscrub and setting up NFS was trivial too.

And no, the disks aren't virtualised - VM has direct access to disk controller.
>>
I fixed my hard drives ridiculous temperatures by adding another fan
it reduced temperature after a scrub from 58c (dangerous) to 42c. noice.
>>
>>87989094
>It's not a bad idea you know.
Yeah I just have a server already. I've been debating the past while how I would render my video remotely if I were to upgrade my old server and replace my desktop with my laptop
>>
tips on how to get my first gen threadripper system to idle under 100W? already turned on the most obvious power saving settings in bios.
>>
>>88001408
Powertop might help, but those are power hogs.
>>
>>88001408
Oh and undervolt.
>>
File: bobsaget.png (1.08 MB, 736x820)
I want to host an internet radio from my own music files (I guess with icecast?) and a video stream of said radio with song information, album cover, VU meters and possibly other related stuff.
For the video I'm leaning towards OBS on a VM with a desktop environment and VNCing in to manage it, and probably feeding the icecast stream to it to be rebroadcasted on the video if there are no latency issues. OBS is however a bitch when it comes to audio, so if anyone has better solutions I'm all ears.
>>
>>88001492
Why video and not a website for the stream with updating album art and info?
>>
>>88001557
why not all three anon? I think I'd eventually come up with such a page for the audio only-radio, currently I'm using the stream to also watch movies with friends by just switching source on OBS but I guess I might as well split that into its own stream to make things easier.
Currently the stream is just an ssh window on my desktop with a script showing some server/connection data, a vu-meter and now playing-text from fb2k with an OBS plugin.
>>
>>87999601
should have given scale or loonux with zfs a shot.
>>
>>88001492
check out the self hosted links in the OP.
>>
Does /hsg/ roll their own?

Anyone here got an opinion on building a NAS around a RockPro64? I'll need to connect two USB > SATA adaptors, I assume I'll see a performance hit if I run them via a hub? Any equivalent boards with 2x USB3? Or even a website that tabulates features for each of the major boards for easy comparison?
>>
Recently got my Synology DS220j (as a gift), which HDD should I cop? I'm choosing between Ironwolf and Toshiba N300, what are the main differences? Anyway, would appreciate any recommendations
>>
https://www.aliexpress.com/item/1005004195963486.html
>8TB for £18
https://www.aliexpress.com/item/1005004325000879.html
>2TB USB for £4
The fuck is this? Seeing lots like it on ebay as well. Surely it's fake but I have no idea how they've been able to stay up for this long
>>
>>88004100
because of reviews like this, fake or otherwise. it reports to the system as 8tb despite really only being like 2gb at most, but the average user isn't going to be paying enough attention until they load it full of data and realise that only the most recent 2gb is actually accessible. by that time, the window to request a refund is gone and getting chinesed is very easy if you aren't familiar with aliE

I'm not entirely sure if/how this breaks any ToS, if at all. I'm not too familiar with either aliE ToS or with chinese/taiwanese consumer law (if such a thing even exists)
>>
>>88004191
If the chinks invested as much time into making good things as they have scamming people the world would be a utopian dream with flying cars and real penis enlargement pills.
>>
File: 1619734383369.png (364 KB, 528x528)
I'm having a hard time setting up a server using a domain from OVH.
Already have 2 with Namecheap, and set up nginx with similar configuration, but it just doesn't work.
I can only access the new server locally. Outside it resolves the IP correctly but only gives timeout.
Any help will be appreciated.
>>
>>88004844
Forgot to say, it's a single physical server and all the ones I have are virtual hosts. So it's the same address for all of them.
>>
>>87999601
>VM
Still bloat, but whatever suits you best, anon. I wish I could try BSD on server, but Docker (incl. its ecosystem of images) is just too handy.
>>87999861
>fans spin at 100%
>drives idle at 50c
>it's not even a super quiet case (Fractal R5)
>>88001308
I did that, desktop is my server and docked laptop is my main computer. Fun computing paradigm imo.
>how I would render my video remotely
Proprietary, but from the time I've used it in past Adobe has Media Encoder which can be used to render somewhere else than your editing machine. Other big softwares probably also have similar tools. I'd be more worried whether your laptop would be enough to comfortably edit, and if you had enough performance to edit, wouldn't it be enough to render too?
>>88001492
Cool idea, and cool that you're going to have an audience for such radio. Never had it myself.
>>88003031
>I assume I'll see a performance hit if I run them via a hub?
I don't think so, USB3 is 5 Gbps already and those drives will hit like 200 MB/s = 1,6 Gbps each.
>>88003577
Rule of thumb for good cheap drives is to shuck WD externals. If you go 8+TB you get CMR drives inside, which won't shit themselves once you put them in any RAID, unlike SMR drives.
>>88004844
Not the domain provider's fault if it resolves correctly. Post nginx config.
>>
>>88004917
>Post nginx config
server {
    server_name domain.ovh;
    root /var/www/domain.ovh;
    index index.html;

    listen 80;
    listen [::]:80;

    location / {
        try_files $uri $uri/ =404;
    }
}
>>
>>87983664
Shouldn't affect it in any way since we just buy shitboxes.
>>
Athlon 200GE good enough for ass basic NAS and/or self hosted music service?
>>
I have a running truenas scale box and ZFS doesn't like SMR drives...

But I have a bunch of 6TB SMR drives. And I want to use them for storage. Any ideas what anon would do to get them running? Can you get a different filesystem on a truenas pool or something else weird going on with dockers? Any ideas please.
>>
>>87991365
>>87990920
>>87986081
But what do you need all these drives for?
I build a NAS, have just 2 drives 8tb total
Dont even know why I need it I just let it download movies and shows
>>
>>88004917
did you consider taking the front off the R5?
moar air.
>>
Will begin to build a NAS soon.
With an old i5-4460, 16GB of non-ecc memory and 4x4TB of disk, should I go mdadm raid 5 or zfs raidz1 ?
>>
File: file.png (269 KB, 500x369)
I accidentally plugged my 19v laptop adapter into both of my external WD 14tb hard drives.
I already took both outside their enclosures and they worked fine that way before, but now they won't even spin up, so the circuitry is blown.
Besides losing 400€ worth of harddrives I lost TBs of accumulated data.
I am done for.

I won't send it to a data center to have my autistic nazi movie collection recovered, that's for sure.
>Is there any way I can buy a new PCB and get the harddrive working without losing data? I have soldering skillz and could do that much.
>>
File: hurtsjustalittlebit.png (40 KB, 200x252)
>>88006744
is there any chance you could greentext how you plugged it into both of them

I'm not an expert on data recovery but I'd presume the professionals would also just swap the pcb first, if you can't find any replacement boards on ebay etc. just buy a new identical HDD. might be the safest bet anyhow
>>
>>88006207
Sure.
>>88006340
ext4+mergerfs+snapraid might be a decent choice.
>>88006408
Not that anon, but I'll want to have better IOPS without going full SSD and I'll probably have to get more drives to have more striped mirrors (aka RAID10). Or some other setup that doesn't make me lose 50% capacity.
>>88006414
Moar noise too, might as well sell the R5 and bring back the old Corsair case I sawed off half the front panel off to let more air, and hold remaining drives using duct tape.
>>88006519
ZFS is fancier than md.
>>88006744
There's plenty of broken drives with working PCBs for sale online, maybe try this. Or try warranty.
>accidentally
>into both
>>
>>88006519
zfs for sure

mdadm is a piece of shit compared to ZFS. You’d think ZFS would be more complicated proportional to the benefits it provides, but setup and administration of it is much easier. You don’t really need ECC for ZFS, it just helps guarantee data integrity.
>>
>>88006878
>>88006922

Thanks guys, I wasn't sure to use ZFS because of the rule of (total available storage + number of disks) GB of memory requirements I've seen in a lot of selfhosted forums and boards.
Also, configuring LUKS before ZFS is the right way, right ?
I'll see if you can configure LUKS on TrueNAS Scale.
>>
>>88006997
zfs supports native encryption. No need to setup luks.
>>
>>88006997
>ZFS because of the rule of (total available storage + number of disks) GB of memory requirements
There's a rule of 1 GB per TB of storage, but it's a hard requirement (iirc) only if you use deduplication. Don't use deduplication unless your files are highly deduplicable.
By default ZFS on Linux will try to use half of RAM for ARC, but if you find it too high and pushing your other processes to swap, you can set your own limit.
ZFS has built-in encryption, I switched to it and it werks.
>>
>>88007031
According to most wikis that memory "requirement" is for heavy use. Anon's 16GB should be fine for a 4x4TB array.
I have also been using ZFS and it's great, easy to setup and swap between systems if needed.
>>
>>88004885
if you can get to it via localhost then it's probably fw. check with nmap.
>>
>>88006878
>accidentally
>into both
Yes. I don't have any overview of all the cables lying around. My brain isn't working properly these days. I was just wondering why my computer wouldn't recognize the drive, so I tried both. When I noticed I still had this laptop adapter plugged in that has the same plug, it was already too late
>>88006817
I will eventually if I can't find a broken one. But it's also kinda liberating being rid of all that meaningless data
>>
>>88006744
learnt a lesson today, try not be a retard next time. if you had shucked this would not have been a problem.
>>
>>88007159
>But it's also kinda liberating being rid of all that meaningless data
I know that feeling. I destroyed my MD RAID5 array when I stopped converting it to RAID6 and restarted later. Would have thought it would pause and resume later than stop and break, maybe using mdadm vs /proc/md/something to handle the conversion process was important. So, >>88006519, maybe it was entirely user fault but nowadays on ZFS I feel like it's more robust and resistant to user's retardation. When something's wrong the zpool command tells you exactly what to do.
>>
>>88006997
>TrueNAS Scale
stick to Core 12 unless there's a new feature you specifically need.
>>
File: 1632097157767.png (275 KB, 1500x1148)
Just bought a router with 120gb ssd and 8 gigs of RAM
GOML plebeians
>>
>transmission daemon in docker reporting too many login attempts, and that I should restart to be able to login again
>but I wasn't the one logging in, especially with wrong credentials
>setup has been working fine for several months
>only my torrent port (and NOT the RPC port) is open. Everything else is through wireguard VPN
>router running openWRT latest stable
>no wifi so no one could be sniffing that way
>used my wireguard VPN on public wifi yesterday
>I am the only one home
>logs are mostly about trackers that aren't connecting (pretty sure harmless)
Bros, have I been compromised? Should I be worried or is this just some weird bug?
>>
>>88008104
they're already inside.
>>
>>88008104
*arrs with wrong password? linuxserver/transmission image with password not set as environment variable so when you try to stop the container, the s6 supervisor fails to log into the daemon using default password to shut down transmission properly?
>>
>>88008104
the attacker is already living inside your walls.
>>
>>88008305
>*arrs with wrong password?
Haven't bothered installing and setting those up yet
>linuxserver/transmission image with password not set as environment variable so when you try to stop the container, the s6 supervisor fails to log into the daemon using default password to shut down transmission properly?
Not sure what this is, but stopping the container manually (basically the only way I ever stop it) works well as far as I can tell.
>>88008125
>>88008320
I used to reply like this too. It's funny until it happens to you.
>>
>>88008305
Oh also, password is set as environment variable.
>>
File: le services.png (45 KB, 1865x238)
>>88002425
ZoL was out of the picture as it doesn't have feature parity with TrueNAS ZFS - you can't roll back versions, only option would have been to wait for potentially years without upgrading storage pools.

>>88004917
Whatever overhead QEMU has I'm fine with, whenever I do something more involved I prefer just SSHing over and fucking around over dockerfiles and constant redeployment.
>>
File: synology.png (233 KB, 668x400)
Is it possible to retrofit these things with a standard PC motherboard or is it all proprietary? I love how compact they are.
>>
>>88008671
short answer no, long answer if you really, really, really, really, really, really, really want to you probably can by spending way too much money and effort.
>>
>>88008671
pretty sure they're all proprietary. and also all expensive. but good god are they sleek and small. I want one
>>
>>88008671
Why? It's a fucking NAS, original board is just fine for the purpose. I suppose it's possible (at least with a laptop board and then nvme -> sata adapters), but there's plenty of purpose built compact cases with mITX compatibility and disk space.
>>
>>88007169
>>88006744
Can't WD be bothered to include some kind of DC-DC converter or other protection in their enclosures housing ~300€ harddrives?
It's not like a user mixing up plugs that are mechanically identical is that improbable.
Do aftermarket usb converters have this "feature"?
>>
>>88006878
>Or try warranty
I really don't want to send them back with all the data on there
>>
>>88004917
>Fun computing paradigm imo.
Yeah I thought it would be a nice setup in general since I'm finding myself more out and about since I got my laptop.
>Adobe has Media Encoder
well rip, I use kdenlive. Maybe I could just transfer project files to server and render them that way when I'm at home or something. I don't want to install Xorg on the server. Laptop can handle it fine enough since I'm only doing 1080p and no fancy effects. I could render it on the laptop but I do have my 3900x which I could just render in seconds instead of waiting an hour or so
>>
>>88008671
https://www.silverstonetek.com/en/product/info/computer-chassis/CS351/
>>
>>88008098
>dude weed lol
$ free -h
               total        used        free      shared  buff/cache   available
Mem:           7.7Gi       355Mi       6.8Gi       400Mi       607Mi       6.9Gi
Swap:          2.0Gi          0B       2.0Gi
>>
>>88008671
If you have a dremel, some JB-Weld, and more time than it's worth, sure it is possible.
>>
Hypothetically, it would be so awesome to have electricity for home servers subsidized by apartment neighbors by using outlets in public spaces. The only trouble is there are no spots that are discreet enough. I could hypothetically put it in my storage locker, but I'd need to run an extension cord to an outlet. Wifi would allow me to hypothetically connect to it. What do, hypothetically
>>
>>88008969
What's the syntax for that preformatted text?
>>
How useful is a disk shelf compared to a fuckhuge case like >>87986081?
>>
File: firewall.png (9 KB, 515x118)
>>88008098
no u
>>
>>88009094
was honestly thinking of going bsd but I wanted to try opnsense first. what hardware are you running it on?
>>
>>88006408
Redundancy
>>
>>88009124
this guy here
>>88008381
>>
>>88008104
>>88008515
Thank god, looked into it a bit and it appears it’s a somewhat common bug in 3.0 that is fixed in master, there just hasn’t been an official release since 3.0 yet.
I did figure out what I did too I think, yesterday I tried going to the web interface of one of my other containers on my phone but actually picked transmission. Didn’t login, refreshed and reselected the other web interface. But because of the bug, I think it counted me refreshing the page a few times as too many unsuccessful login attempts.
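
One way to check the claim from the original post that only the torrent port is published, as an added example that is not part of the thread: it parses `docker ps` port mappings and lists every published, non-loopback binding that is not on an allowlist. The container names, the sample output and the allowlist are constructed; 51413 and 9091 are Transmission's default peer and RPC ports.

```python
"""Audit Docker port publishing against an allowlist of intended-public ports."""
import ipaddress
import re
from typing import NamedTuple

# Constructed sample of: docker ps --format '{{.Names}}\t{{.Ports}}'
SAMPLE_DOCKER_PS = (
    "transmission\t0.0.0.0:51413->51413/tcp, :::51413->51413/tcp, "
    "0.0.0.0:51413->51413/udp, 0.0.0.0:9091->9091/tcp\n"
    "jellyfin\t127.0.0.1:8096->8096/tcp\n"
    "searxng\t8080/tcp\n"
)

# Assumption: the only port meant to be reachable from outside is the
# Transmission peer port (default 51413); the RPC/web UI (default 9091) is not.
INTENDED_PUBLIC = {
    ("transmission", 51413, "tcp"),
    ("transmission", 51413, "udp"),
}


class Binding(NamedTuple):
    container: str
    host_ip: str
    host_port: int
    container_port: int
    proto: str


# Matches "0.0.0.0:9091->9091/tcp", ":::51413->51413/tcp", "[::]:443->8443/tcp"
# and collapsed ranges such as "0.0.0.0:6881-6883->6881-6883/udp".
PUBLISHED = re.compile(
    r"^(?P<ip>.+):(?P<h0>\d+)(?:-(?P<h1>\d+))?->"
    r"(?P<c0>\d+)(?:-\d+)?/(?P<proto>tcp|udp|sctp)$"
)


def parse_ports(container: str, ports: str) -> list:
    """Turn one Ports column into a list of published bindings."""
    bindings = []
    for item in filter(None, (p.strip() for p in ports.split(","))):
        m = PUBLISHED.match(item)
        if m is None:
            continue  # e.g. "8080/tcp": exposed by the image, not published
        host_ip = m["ip"].strip("[]")
        first, last = int(m["h0"]), int(m["h1"] or m["h0"])
        c_first = int(m["c0"])
        for offset in range(last - first + 1):
            bindings.append(
                Binding(container, host_ip, first + offset,
                        c_first + offset, m["proto"])
            )
    return bindings


def parse_docker_ps(text: str) -> list:
    """Parse every 'name<TAB>ports' line of the docker ps output."""
    bindings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _, ports = line.partition("\t")
        bindings.extend(parse_ports(name.strip(), ports))
    return bindings


def unexpected_bindings(bindings, intended_public=INTENDED_PUBLIC) -> list:
    """Return bindings that listen beyond loopback without being allowlisted."""
    findings = []
    for b in bindings:
        if ipaddress.ip_address(b.host_ip).is_loopback:
            continue  # only reachable from the host itself
        if (b.container, b.container_port, b.proto) in intended_public:
            continue
        findings.append(b)
    return findings


if __name__ == "__main__":
    for b in unexpected_bindings(parse_docker_ps(SAMPLE_DOCKER_PS)):
        print(f"review: {b.container} publishes {b.host_ip}:{b.host_port}"
              f" -> {b.container_port}/{b.proto}")
```

A binding on 0.0.0.0 or :: is reachable from every network the host is attached to; whether it is reachable from the internet still depends on the router's port forwards.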
>>
File: 1523580839026.gif (1.78 MB, 350x255)
>>88009269
lookin good anon
>>
>striped two way mirrors
How scary is it for, say, 16 drives to run them like that? I'm more leaning towards e.g. three six drive RAID-Z2 stripes instead, so I could always lose any two drives and not lose data. Also less capacity loss, but less IOPS increase too. Thoughts?
>>88008515
>works well
If processes inside don't exit within time limit they're killed, and s6 in linuxserver images will try to connect to daemon to tell it to exit. But to do that it needs password.
>>88008574
No ideas then.
>>88008739
>Maybe I could just transfer project files to server and render them that way when I'm at home or something.
Sounds good.
>I don't want to install Xorg on the server.
If you run Docker, I can give you my Dockerfile base for GUI softwares that I need to run sometimes and access with VNC. Perfect use case for it imo.
>but I do have my 3900x which I could just render in seconds instead of waiting an hour or so
Fair enough.
>>88009030
>communal home server
Could be comfy.
>>88009056
[ code ]text[ /code ] but without spaces, dear newfren.
>>88009300
Interesting.
>>
>>88009072
If you want your disks on a hot swap SAS backplane, or want quick setup for high-availability (the netapp I have has this) they are nice.
If you only want the hotswap it might be better to look for a server with those on the front or drive bay replacements instead since a disk shelf can't do anything on its own and needs a separate server anyways.
>>
>>88009477
>hot swap
Don't need that, I don't mind taking my server down at night to replace a drive.
>high-availability
Don't need that either.
Alright, thanks anon, those Netapp shelves have really good looks but I'm past that point. The jankier the better, as long as it's cheaper too, and for the cost of cheapest shelf here I can buy a Define 7 XL instead.
>>
>>88009451
>If you run Docker, I can give you my Dockerfile base for GUI softwares that I need to run sometimes and access with VNC. Perfect use case for it imo.
Completely didn't think about running it in a container. I prefer LXC myself so I might try and see if I can just run Xorg in a container like that but I don't see any reason why it wouldn't. I'll ask in /fglt/, dont have time to experiment today. But thanks, if it doesn't work I'll seek for your docker solution
>>
>>88009766
It's just a matter of running Xvfb, x11vnc, optionally openbox and the program you want. I also added supervisord since Xvfb can take a second to start, and other softwares will fail when they don't see X server on boot time. It'll work in LXC too.
>>
Hello fags, I'm going to build a home server with ~8TB of storage + external 2TB HDD. I have the following HDDs:
- 2x500GB 2.5" WD Blue HDDs
- 1TB Seagate Barracuda
- 1TB WD Purple
- 2TB WD Purple
- 3TB WD Purple

>Why this weird setup
I got most of these drives from my job, my boss is a great guy and gifted me these HDDs, apart from the 2 500GB I already had laying around.

Redpill me on how I should set them up. Should I use ZFS, XFS, RAID, etc.? Which one is the best and why? I have never done this kind of stuff before; I'll mostly be storing movies to be played with Jellyfin, a SearXNG instance, web hosting, and some other general data hoarding.
By the way, I'll be using Gentoo.
>>
>>88009890
ah neat, seems pretty doable then. Will give it a shot over the weekend. Cheers anon
>>
>>88009945
>mixed capacities
Use ext4 on each drive separately, then pool them together using mergerfs. If you want some protection from total data loss in case you lose one of drives, look into snapraid (you'll need to dedicate biggest drive for parity). If you don't, then when you lose a drive you'll lose data only on the drive lost.
Easy, just werks, has bit rot protection if you do snapraid, and either way you get unrestricted scalability.
>>88009963
Yeah, easy stuff. jlesage has Docker images for many of "apps" I run but I found them to be needlessly bloated with nginx and web VNC client inside, also he stopped updating some of them a while ago. Building my own was surprisingly easy, and now that Gitea has built-in package registry, I can store them in a comfy spot and pull them to other servers when I need.
>>
File: file.png (338 KB, 516x325)
I'm looking for a raspberrypi alternative because I'm tired of the high prices + everything is out of stock anyway. I looked at the sheets in the OP and found this. The only issue with these cheap boards is the lack of usb3 because I wanted to put an mSATA HAT on top of it. Would an adapter over usb2 make any sense? I want a new board because I'm tired of using wifi for everything but usb2 is totally going to bottleneck me right?
>>
>>88010119
Thanks anon, based as always
>>
>>88010158
Look into tinyminimicros instead. Even 4gen Intel boxes have like 4 USB3 ports, and with a bit of luck it can be cheaper than a Pi.
>>88010284
You're welcome, home servers are such a brilliant idea in a world where few people have their own spot on the internet in physical proximity to their ass.
>>
File: file.png (1.14 MB, 1772x886)
>>88010405
I found this thing and I'm now very tempted. I could get one of these and then just buy an usb3 ssd enclosure and call it a day..
>>
>>88010610
Really, look around eBay or what have you for those tinyminimicros. All have one SATA port inside, some have M.2, and if you want to go bigger then SFF and towers have more SATA. Can't vouch for their power consumption though, meanwhile for tinys I could.
>>
Anyone running a coreboot server?
>>
>>88008716
>original board is just fine for the purpose
I want to use ZFS.
>>88008764
>bigger
>uglier
>>
>>88010659
Problem is they are all +100€ and that's too much of a neet. ARM solutions are more within budget. I looked into the last one I posted and they stopped support for armbian so I don't think I'm going to trust that chinese toy. Form factor looked amazing and totally what I needed. Sad
>>
>>88010158
if you want a pi 4 near msrp you can get the 4GB pi 400 for ~700 on its own. you give up accessory support, but hey.
>>
>>88010866
>~700
heh. ~70.
>>
>>88010800
>they are all +100€
Ouch.
>and they stopped support
That's my main gripe with anything ARM so far, on x86 you somehow don't have to explicitly support each computer to run any Linux distro on it.
>Form factor looked amazing
Yeah, it is smol.
>>
>>88010885
We are getting there
>>
>>87988949
I tried making a bookmarking server but I need to rebuild it instead of doing csv read and write through a python CGI like a doofus
>>
TELL ME THE TRUTH BROS. WHAT IS THE BEST DISTRO FOR A HOME SERVER AND WHY IS IT GENTOO?
>>
>>88011354
gentoo is too much of a hassle to maintain even for a basic home server
tried for months and went back to debian stable
>>
>>88011367
whats this buzz about yunohost i hear? is it worth the squeeze?
>>
>>88011398
mate I didn't even know what yunohost was before googling it a few seconds ago
>>
>>88011429
thats fair bro. im gonna install it fuck it i'll maybe update you later
>>
Maybe /hsg/ would like to comment on new server (+games VM) build over at /pcbg/. >>88011650
Currently I'm at the phase of picking a motherboard, and I'd like to have an upgrade path from current 6 to 16 HDDs later without sacrificing anything else listed there. I'm aiming for X570 and this board specifically because it has nice IOMMU group assignment, and has two NICs built-in. Maybe somebody has another B550/X570 board to recommend for higher tier home server uses specifically? I doubt anything would have IPMI, but it's not a big deal, so I'm mostly looking for best IO options.
>>
>>88006878
about ext4+mergerfs+snapraid, can I do that within truenas? Sorry but I'm new to running a NAS and I'm still learning this box itself.
>>
>>88011720
I just have my first name on my servers. If you need to post logs, just CTRL+F your name and replace.
>Is there a typically accepted default username for home servers?
Well, you could be a bit irresponsible and use the root account all the time.
>>88011715
Not sure, it's a FUSE filesystem so probably most suited for Linux. If you run TrueNAS you're expected to use ZFS, and anything else like touching the shell in any capacity is "unsupported" by TrueNAS utils. >>87996465
>>
File: 1649459002348.jpg (1002 KB, 1551x1716)
Couple weeks ago, my ex-company purchased a big server for a job that didn't actually end up being done.
they had to pay me for vacations that i didn't take and asked me if i wanted it instead.

Is it worth it to get to know enterprise management tools nowadays? with the cloud and shit?
I mostly use the server for my small websites, Minecraft and shit, but i am interested in this line of work.
>>
>>88011834
Mostly want to know before i get onto a IPMI rabbit hole that goes for weeks.
>>
>>88011398
I use openmediavault even though I mostly interact with it over ssh.
>>
>>88011700
>Maybe /hsg/ would like to comment on new server
No, stay in your containment board.
>>
File: 1649127974699.jpg (678 KB, 1920x1080)
So I want to get a new machine/s to bring power consumption down and also to get space for more drives. With separate machines I could get one of those cute USFF PCs for virtualization, though I wonder if power consumption would be lower with a USFF virtualization + low power storage server setup compared to a proper low power ITX build for both tasks.
Also I'm thinking of using a more modern AM4 board, since apparently they work with ECC ram? (Still haven't decided on using ECC)
>>
>>88012294
ok, back to mlp
don't be surprised when there's an apocalypse and all that's left seeded on public trackers is pony on autist's bunker servers
you've been warned
you won't find your 3dpd lewd content seeded when that happens
>>
File: onpremADOAgent.png (134 KB, 1232x887)
I must admit that it is pretty neat to be able to deploy VMs with terraform to my proxmox homelab via Azure DevOps
>>
>>88012677
>azure pipeline
cansur. I would say use jenkins, but that's equally as bad.
>>
>>88012732
No one should ever use jenkins
>>
I need to build a cheap-ish not necessarily too power efficient machine that will be used to compile fuckhuge projects that take about 6 hours to compile on a 6700hq. I’d prefer something like 7-8 times faster than that. Since this is compiled fresh once in every 2 weeks the power won’t be an issue as the machine will get turned off when not in use. Any old xeon recommendations? I'm aiming for around 600-800 euros. And yeah the job scales very well over multiple cores.
>>
I'm trying to change the username of my server, let's say to 'bar' instead of 'foo', but the problem is I'm ssh'ed into it so I can't change its name without killing all processes used by user foo, and killing all of foo's processes will terminate the ssh connection. And yes I'm using su. What can be done? Is it not possible to change the name using SSH?
>>
docker compose bros... what is "Network opt_default" and why is it "created" when i docker compose up -d? I've never seen it before and I haven't edited the .yml
>>
>>88013075
for the new stack it defaults to using the folder name of where the compose is being read from. I would assume your layout is opt/docker-compose.yml
it's just the local network bridge for the stack so i.e. multiple services in the same stack can see each other on the same subnet
>>
>>88012947
ssh in as root using a private key authentication to make the change, or otherwise create another sudo user and do it that way.

changing account names is usually not advised and quite dangerous if anything is depending on that name.
>>
>>88013335
huh... wonder why I've never noticed it before... docker is still such a black box to me
>>
Need some help on networking here.
My home server sits exposed to the Internet (because I need to expose port 443). The rest of my home network is always on a VPN at the router level.
What this means is that I need to specifically set up another VPN connection on my home server's Qbittorrent container (Hotio's has it built in so it's easy).
But is it possible to just do it by routing at the router? Like, can I just "let inbound port 80 and 443 traffic go to this static IP for my home server, and everything else flows through the VPN"? The router currently runs Asus Merlin so it's all just Linux underneath.
>>
Best setup for self-hosted audiobooks? Does Plex work OK?
>>
>>88013603
Just use cloudflared and tunnel from cloudflareDNS to your server. no port forward. https://youtu.be/hrwoKO7LMzk
>>
Hello,

I am trying to introduce some more network segregation in my network, primarily around IOT devices, such as internet-connected IP cameras. Right now I have a proxmox server which I use to self-host some apps, run Truenas, and some docker and Kubernetes experimentation etc.

One of my VMs runs some NVR software for IP Camera recording, so I'd like for my VM to talk to my IP cam, however, I don't want my IP cams to see the rest of my network, but still have internet access for Mobile App access, ie 1 way communication.

I am at an impasse here, my Asus Merlin Firmware doesn't support vlans, so that's out of the picture for VLAN + Firewall rules.

I have a spare access point/router with Asus Merlin also that I could potentially use for a IOT wifi ssid, I'm OK with that but I'm not sure how to do the one way network with the VM and the IP cameras.

I am open to the idea of getting something dedicated for Firewall/Routers 2.5gb like so https://www.amazon.com/Firewall-Hardware-Security-Appliance-Barebone/dp/B09PHHMJJB/?th=1

However before doing that I wanted to see if there were any other options.

I have attached a diagram of my current setup. I technically have 4 2.5gb NIC ports on proxmox. I dont like the idea of proxmox being the sole router/firewall and nas and my home lab server, seems like too much risk if the server powers off, I have no internet at home. However, for a second AP I dont care if only the IOT network dies if the server dies, I can live with that.
>>
File: network.png (77 KB, 842x970)
>>88014080
>>
File: 1.jpg (338 KB, 1200x409)
just spent $630 aussie kangaroos on this beast. i almost feel ill, this is the most money i have ever spent on a pc case, my previous glass lianli tower was $300 and i had a hard time justifying that. but with this done, i now have everything in my home system rack-mounted and safely tucked away in a ventilated, but sound proof, closet.

what has me feeling more sick is knowing that i already burned $350 on an aliexpress case for the same purpose only to realise i am fucking blind and the aliE case doesn't support atx motherboards or a radiator, only a random generic chink mining motherboard with limited I/O. do you think i could sell it and recoup $100-200? or is it worth trying to send it back for a refund?
>>
Do any of you colocate /hsg/?
>>
Do I need to care about having my machine connected to ethernet to a router which has 4 roommates connected to it as well through both wifi and ethernet?
Running linux
>>
>>88014916
no?
>>
>>88014972
Hmm ok, could you explain how that wasn't a reasonable question to ask?
>>
Plex, jellyfin, emby... is even one of these capable of displaying SSA/ASS fansubs properly with the correct fonts on all client devices? Is it a limitation of the clients? I wish they could just use mpv on every client device desu
>>
>>88015117
plex has been fine for me with ASS subs that are properly formatted, on desktop, mobile and via casting. i havent used jellyfin too much but i also didnt run into issues with it on desktop, havent tried the mobile player or casting with subs.
it also is trivial to convert your subs format if you are having issues, or otherwise download working subs. plex and kodi have a built in subtitle search, and i believe there are plugins for jellyfin to do the same.

what kind of issues are you having and are you 100% sure it isnt just from those garbage fansubs made by indians that dont know how to make working subtracks?
>>
File: preddit.jpg (460 KB, 2190x2939)
Can't get more comfy than Ansible, Debian, ZFS and Podman.
>>
>>88015156
To be fair it's been a few years now since I tried it, but when I tried it all 3 had issues with karaoke and intros that made use of the "animations" and clever typesetting fansubbers will sometimes do. This was on my TV, so it probably hasn't been fixed, but I guess I can just plug in my laptop to my TV to avoid these issues. Do you know if the plex app for iOS is able to properly display ASS/SSA without just converting to SRT?
>>
File: 1659612441737482.png (207 KB, 852x492)
Since WLAN on my WRT3200ACM may as well not exist, would OPNsense DEC675 be a good router?
>>
>>88015215
>Debian
I would go to something else like FreeBSD, Gentoo, Devuan, or even Alpine.
>>
File: 20220402_045543.jpg (719 KB, 1920x2560)
>never cared about energy consumption before
>this past year the bills seem to be getting more expensive
>server uses 60W
>calculations
>it's almost 130 eurobux a year now
fuuu

Now I'm not buying some 12th gen shit to solve this, spending hundreds of euros to save a few dozen a year is stupid. But I'm definitely gonna do something, maybe a haswell-tier mini is in the cards now. Shame about the hard drive slots though.
>>
>>88016499
https://ark.intel.com/content/www/ru/ru/ark/products/65735/intel-xeon-processor-e31220l-v2-3m-cache-2-30-ghz.html
>>
>>88016499
>dont want high power consumption
>buying intel in [current_year]
kek
>>
>>87983146
I'm running my HS on windows wsl running Ubuntu. I have nextcloud and some other applications setup in docker containers and everything's working great, no issues with port forwarding things like navidrome. However, for the life of me, I cannot get port 8096 to open for Jellyfin. I have made rules to open 8096 via my windows firewall but I can't access it locally, and I've triple checked to make sure my inbound and outbound rules were correct. I know my docker instance is healthy and running (as far as I can tell), in docker container ls it shows as jellyfin and the status is healthy. It's not my first docker-compose file and I've triple checked it as well to make sure there are no typos. Even after port forwarding on my router 8096 and adding udp/tcp rules for 8096 on my local machine, portcheckers still show 8096 is closed so I conclude it has to be something with my firewall on my local machine right?
Is this just a windows bug? I will move everything to an ubuntu server when I get the rest of my equipment, but for the time being if there is an easy fix for this I'm missing I would love to hear it.
>>
>>88016635
Ryzen isn't cheap either and recent Intel is good at idle, which is what this mostly does.

There's a Supermicro 1155 board that I could get for less than 100 eurobux, I might go with that. And a low power xeon like the other anon suggested.
>>
>>88010965
Would something like this do as server? https://www.lenovo.com/ng/en/desktops/thinkcentre/m-series-tiny/ThinkCentre-M625q-Tiny/p/11TC1MTM62Q10TF
>>
>>88011927
>openmediavault
Isn't that based on debian anyway
>>
>>88016499
Looking at this made me sneeze
>>
>>88016688
true, and they dont even have any low nor mid-range ryzens even
>>
>>88016964
TDP is only 6W and it can't be worse than my current pi zero.. I just hope it's not going to overheat or anything
>>
>>88017314
>>88016964
depends what you want to do. it's an ancient AMD APU, and the mobile version of it so it's extra slow. way worse than even an ancient second gen i5 (2500 non-K). i'd get something with an intel i5 3rd or 4th gen if you want cheap with a little more horsepower.
>>
>>88017442
My main concern is keeping consumption to the very minimum so I can only look in the mobile market. It's going to replace my torrent box so not many resource intensive operations to do
>>
>>88017469
it's incredibly stupid to buy old trash if you want power efficiency

https://www.sust-it.net/energy-saving/desktop-computers&company=178
>>
>>88017530
The top choices in that list cost double or triple of what I found. I'll have to compromise and pick a solution slightly older but more affordable. I think it will be close to the 3rd/4th one in terms of consumption
>>
>>88017615
the list was just an example. there's a whole bunch of units with modern mobile intel units too, and stop only looking at brand new shit if you're a cheap fuck.
>>
>>88017681
I'm only looking at the used market. That's how much they cost on my ebay. The one I found costs 99 and it seems like a fair price. I don't know
>>
>>88017690
it's not.
>>
I have a silly question because I'm a noob :
How do you choose your server hardware and software?

I would like to have a factorio server running ~8 hours a day automatically.
How would you do it ?
>>
>>88017698
Are you saying I'm not seeing what I'm seeing?
>>
>>88017747
Automatically? Like auto turn on and off? Also I choose my server hardware by figuring out the percentage of resources a given program uses on my system and scaling accordingly. Software: anything running docker, preferably ubuntu/fedora/randomlinuxdistro
>>
>>88018117
>Like auto turn on and off
Preferably, yes. Is that hard ?
>by figuring out the percentage of resources a given program uses
Do you have a process or just eyeball it ?
>anything running docker
That helps, thanks. I see that some guy already made one on GitHub.
>>
>>88018200
I eyeball it mostly.
I also see on dockerhub a fairly popular container: factoriotools/factorio
The turning off and on part I never did so no idea.
>>
File: 1658813856907889.png (177 KB, 412x443)
My ISP basically fucked me and I can't access my home server from the outside. I have however another one in my office.
Is it possible to use it as a VPN or something so the one at home can be accessed by a domain name?
>>
>>88017747
>I would like to have a factorio server running ~8 hours a day automatically.
>How would you do it ?
Some BIOSes are able to specify a date to start.
if not, use some programmable socket in which you plug the power cord, plus set the bios to start with 'resume on power'.
For the clean shutdown, you can do it in a daily cronjob.
>>
>>88017838
im saying it's not worth 99 usd/euro/pounds. maybe if it was half that it would be alright. besides, was the power consumption mentioned before for it the whole system at idle or just the power consumption of the CPU? cus mobo will also add a few watts.
>>
>>88018355
elaborate on how they fucked you, are they just blocking all incoming requests going to your router? cgnat?
you can probably set up a vpn client on the home server and a vpn host on the office server if they are blocking you from serving stuff at your home IP.
>>
>>88018431
They gave me a router I cannot configure.
Can't open ports, can't set up NAT loopback.
>>
What would be a good way to regularly copy files directly between two servers? I want to avoid SFTP, because I didn't like the complexity and UID requirements of an SSH jail. I will have restic rest-server available online, but it encrypts data when it goes to the target server, and I'd like to have it plaintext on destination server. I'd also like to minimize amount of services and ports used, so maybe some very barebones webdav since I already run a reverse proxy with HTTPS for rest-server? I'd like to avoid FTP(S) because it's yet another port to open and another bigish service to maintain, meanwhile with some webdav I think I could just put it behind HTTP basic auth on a subpath and call it a day.
>>
>>88018465
>>88018465
dont use it then you dumb fuck
>>
>>88018465
sounds like a shitty ISP
>>
>>88012677
>home
>Azure
But yeah, IaC is so much fun.
>>88014080
Get a router that can into VLANs, or maybe try OpenWrt if it's available for your device. Then:
>put IoT interface in one firewall zone
>restrict outbound traffic from it
>put server on another interface and firewall zone (maybe LAN)
>set firewall rule on router to allow traffic originating from NVR VM to IoT zone
>done I guess
>>88014803
>or is it worth trying to send it back for a refund?
I've never sent an order back to China, but it'd be expensive for sure.
>>88014849
too expensive
>>88014916
No, just don't be a retard like I was and don't allow entire LAN to access your NFS share because you can't be bothered to note IPs used by VMs on the same network. I don't think they noticed, but still that was a bit irresponsible.
>>88014996
It was reasonable imo, but the answer is simple like the one anon provided. 90% chances are your roommates have never heard of something called Leenucks or SSH, so even if you had root:root credentials they wouldn't have you. But nobody said their machines couldn't get hacked from a totally legit cracked game from dubious sources, and someone more qualified couldn't look around your network for more interesting targets, like your server. So, keep stuff up to date, use strong credentials (for ssh use key auth instead), monitor logs from time to time at least and you'll be fine.
>>88015117
>on all client devices
On computers you can use Jellyfin Media Player which has mpv playback backend, and for other clients I think you could force subtitle burnin.
>>88015215
comfy indeed
>>88016499
Don't mean to insult you anon, but getting a job made me less concerned about power costs. I wouldn't run a 10 year old dual Xeon shitbox, but I don't mind 120 watts equaling to like 15 euro monthly. The server serves me extremely well, it's cheaper than a Hetzner dedi, and since I'm employed two hours of work cover the costs completely. It's a nice perspective.
Amanda a cute, clean her tho.
>>
>>88016675
>Docker on Ubuntu on WSL on Windows
Certified bloat gold star. Good on you for having migration plan though.
See if Jellyfin is set to accept incoming connections from "outside networks", I don't know how WSL does networking (also WSL1 or WSL2?) but it might be at fault here.
>>88016964
Maybe, but CPU sounds not great.
>>88016966
It is.
>>88017469
Is 8-10 watts in idle fine? Because that's what you get with 6 gen tinyminimicros, and according to HP docs 4 gen is also in those ranges. And those are surely nicer CPUs.
>>88017690
>on my ebay
Allegro/OLX by any chance?
>>88018489
Anon might have a router+modem combo that does some sekrit authentication which will prevent him from using his own device. Anon probably could unplug the device from network, reset to factory settings, log in and change admin password to his own, but when he connects back he might either get ISP config pushed entirely (overwriting custom password) or not pushed at all (because fuck you, that's why).
>>88018465
>Can't open ports
Mayyyyybe you could abuse UPnP to dynamically forward ports and keep them open? Or try asking them to switch their shitbox into bridge mode for you.
>>88018355
Yeah, you could do that, run WireGuard server in office, run WireGuard client at home, point domain at office server, forward ports from office server to home server on the WireGuard network.
>>
>>88018750
WSL2, ya I know its bloated but I hate windows terminal and I always prefer working in linux environments. I have enough ram for it not to be an issue.
As far as I can tell it gets its networking rules from the host system (windows), because when I set my firewall rules for port 4533 (navidrome) it works like a charm. But for whatever reason 8096 won't budge.
I'm willing to bet because of the amount of layers this is running through there's just some hiccup somewhere in the communication between the docker container to the wsl ubuntu environment to the windows host system. I'll just wait until I can set up a proper server for Jellyfin I guess.
>>
>>88018855
Have you checked the "outside networks" setting in Jellyfin? Please do.
>But for whatever reason 8096 won't budge.
To verify that theory you can map Navidrome to 8096 temporarily and see if it's really true.
>>
File: networking3.jpg (1.21 MB, 2560x1920)
>>88018639
>(server power costs)
Yeah that's the thing, there's nothing wrong with my server either. But I do try to bring monthly costs down as much as I reasonably can and this would be another drop in that bucket. If I could spend say 200ish eurobux on a board, memory and a gold rated PSU, I might be able to cut the power by a third, which feels reasonable in my mind. We'll see, I have a couple inquiries going about some boards.

At the same time I'd change my nameserver (another 24/7 computer) back to an Atom thin client and there's a couple other things in this house that need attention too. If I get the server board I'm eyeing now, I'm going to use the i3 processor from my current nameserver.
>>
File: 1655232053004.jpg (23 KB, 625x625)
I know a lot of people use Kodi for personal media
But have any of you ever set it up for livestreams and shows hosted elsewhere?
Where do you look for actually good setups and hosts for this shit?
Just wondering if I can set it up to get free sports for a boomer
>>
>>88019023
Yeah, it's perfectly fine to optimize costs. Wouldn't run a 120W idle box if it didn't provide me with fast CPU which I need in sudden bursts. This potential validates the somewhat high running costs for me, even before factoring in the relative amount of work needed to pay for it.
My parents' server, however, is an explicitly bought tinyminimicro because it's just the right amount of performance for their use case (well, has some headroom) and doesn't hurt their power bill for no reason.
Damn, I love home servers.
>>88019093
I know there are pirate IPTV streams (free unreliable M3U lists somewhere around internet, or somewhat reliable sites which let you watch only through browser and lock themselves when you open dev tools, and paid pirate M3U streams). Huh, now I wonder if there are any legal IPTV providers that would just give you an .m3u8 link and let you watch it in any software.
>>
>>88018355
yes use cloudflared no port forward
>>
>>87988949
thats fucking awesome haha
>>
File: 1654204883005.jpg (136 KB, 1010x1272)
>>87983146
I'm on zfs should i utilize snapshots for backups or just rsync like a retard? Compression and dedup would be really nice
>>
>>88020002
>drive fails
>snapshots gone
Really it doesn't make sense to "back up" data on the same drive you'll be fucking around with.
>>
>>88020002
I use a temporary snapshot for the duration of restic backup running, it ensures data consistency during the process. Using snapshots as your only backup related thing - that's silly, you'll have a pool die and snapshots will be gone. Using snapshots as an additional save your ass measure if you accidentally delete something - that makes sense.
>>
>>87992405
I have the 2100
super worth, legit one of the best purchases i think I've ever made
No headaches, ready to go out the box, and its easy to learn and extremely cool

Its also fast as shit
just keep in mind you will need a modem if you have cable to plug into the WAN interface
You will also need your own WAPs if you want wifi
>>
>>87992800
opnsense is incompetent
they couldn't even secure a domain for themselves and literally got trolled by pfsense
>>
>>88020354
>and literally got trolled by pfsense
What a bunch of pranksters. They sure must like trolling people, since their victims include their own customers and upstream projects they leech from. https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/
>>
>>88020062
>>88020128
snapshot to external drive fagass
this way i can have dedup, compression and really easy rollback but it's really annoying to do if you backup to external so i was wondering if there's anything better
>>
>>88015661
How about this one instead? Seems to be way more bang for the buck.
>>
>>88021103
there's perfectly adequate ones for around 200 bux, go check project tinyminimicro reviews on them
>>
>>88021124
> adequate
I want good, though. Meaning multiple 1Gbps with QOS at least.
> project tinyminimicro
Will check it out, thanks.
>>
>>88021140
they are good, a fucking i7 in a router is retarded overkill
>>
>>88020456
i bet you enjoy discord tranny drama too
>>
alright, i got a CPU and a mobo lying around from my upgrade. Once i find some ram and a drive, what can i do with this? I was thinking maybe a Minecraft server but i'm open to ideas, i'm creatively bankrupt.
>>
have any of you tried running a plex or jellyfin server and used bazarr to get subtitles? I'm running bazarr, sonarr and radarr in a docker container and bazarr can't download any subs for some reason. I find subs that are a 99% match, but when I use auto search nothing happens and when I use manual search it doesnt download.

this pops up in bazarr logs whenever I try downloading subs

Exception when servicing <waitress.channel.HTTPChannel connected ***.***.***.***>
>>
Is there any viable way to have home server encrypted without having to enter in password each time on startup?
>>
Trying to get less power hungry gear as well, though I'm already down to 100W with a n40l + old office sff combo. Honestly, it's pretty tiring. I wish I could just plug in some 10 year old behemoth which sounds like a fighter jet and be done with it, but I'm a euro.
Can't decide between using one server for all vs. a weak storage server and some USFFs.
>>
>>88022573
wouldn't that defeat the purpose
>>
>>88022596
I guess. Maybe if there was a thing if it reads the key from a usb stick or something. Maybe I'll just leave that for when I have a server that stays on 24/7
>>
>>88022573
if you use windows you can put the bitlocker key on a usb stick. I'm pretty sure there's something similar for LUKS on linux.
>>
>>87992405
pretty sure this thing aliexpress.com/item/1005004102703443.html uses the same 2.5g nics as the netgate 6100 with similar <10W consumption for the entire device
>>
>>88022573
>>88022631
You can either
>get a KVM you can connect remotely to
>do something like this https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux/
>leave the OS unencrypted and only encrypt the data and VMs
which is what I do. Leaving the key on a USB drive is a good idea though. I might combine it with encrypting the data as a second layer of defense. In an emergency I could hide the USB in my asscrack or something.
>>
>>88023146
spread them cheeks, sir
>>
>>88020652
>but it's really annoying to do if you backup to external so i was wondering if there's anything better
Yeah, I know. There were some scripts that tried to send a btrfs snapshot to external drive, hooking up last snapshot on external as the parent snapshot so it shouldn't duplicate data. It was too much fuss for me so I gave up.
>>88022141
awesome-selfhosted
>>88022154
I just use private trackers with release groups who can be assed to download the one thing served as plaintext without any DRM on streaming services. Bazarr looked cool though.
>>88022573
Use a LUKS keyfile on pendrive, or leverage TPM. If you're concerned about remote unlock but wouldn't mind typing the password, SSH in initramfs is doable.
>>88022576
>one server for all
this one
>>
>>88023776
>Yeah, I know. There were some scripts that tried to send a btrfs snapshot to external drive, hooking up last snapshot on external as the parent snapshot so it shouldn't duplicate data. It was too much fuss for me so I gave up.
what are you using right now?
>>
>>88023776
>Use a LUKS keyfile on pendrive, or leverage TPM.
is there some loonix distro which supports the pendrive scenario out of the box, ie. without janky 3rd party scripts?
>>
>>88023840
rsync to ext4 external. Most data there is restic repos which make snapshots on their own, so that's preserved on the external.
>>
>>88021103
Is having a fan really the point of failure on a router with OPNsense? I assume you want it to be running 24/7
>>
>>88023914
>3rd party janky scripts
just configure it properly the first time around, you don't need janky "scripts" or whatever the fuck
>>
File: IqlwCqvOyUZM.jpg (209 KB, 973x971)
>>88023929
No idea why they are all fanless. I’d strap one on anyway.
>>
>>88023914
>is there some loonix distro which supports the pendrive scenario out of the box, ie. without janky 3rd party scripts?
Yeah, Arch. Format the pendrive with a filesystem label, put key in file on that FS, then in kernel args you add an argument with FS label and path to the file. https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Unlocking_the_root_partition_at_boot
I looked into doing this on Debian, because I want my friend to not have a rolling distro for now, and it was way more fucked up with some Debian specific scripts involved iirc.
>>
>>87983146
VPS / Rootserver <Homeserver
Sup /g/ any proxmox users here?
>>
>>88023963
thanks, that was also my memory of looking into it with debian, don't remember the details but it involved some weird shit i forget. ill give it a try with arch
>>
File: an4kmzfjx8w61.jpg (397 KB, 2000x2483)
>tfw using a Pi4 as a dumb USB-C to 2 pin fan plug adapter
I haven't used those WD My Books in their enclosures for a while now, just an hour of copying data and this fucker was already at 60 degrees. Seems like previous owner didn't care about temps either, max ever seen is 73c.
Saw some guy on the R forum make a 3D printed cooling dock for them, pic rel. Though maybe it won't be hitting such high temps with incremental backups later, so it won't be necessary to buy a 3D printer.
>>
>>87984048
>>87987522
Need your help, gluetun-sama

Here is my docker compose yaml:
https://pastebin.com/ftVc05GE

When I navigate to my /etc/opt where my docker-compose.yml is saved and
sudo docker compose up -d

I get the following message:
WARN[0000] Found orphan containers ([plex qbittorrent]) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up. 
[+] Running 1/1
⠿ Container opt-gluetun-1 Started

and when I
docker compose ps
I see:
NAME                COMMAND                 SERVICE             STATUS              PORTS
opt-gluetun-1 "/gluetun-entrypoint" gluetun exited (1)
plex "/init" plex running
qbittorrent "/init" qbittorrent running 0.0.0.0:6881->6881/tcp, 0.0.0.0:6881->6881/udp, 0.0.0.0:8080->8080/tcp, :::6881->6881/tcp, :::6881->6881/udp, :::8080->8080/tcp

I know I fucked up I just don't know what
>>
>>88024210
moshi moshi anon-kun, read and do exactly what docker-compose tells you desu
Then use
docker-compose logs gluetun
to see why gluetun dies.
>>
>>88024210
why are you using /etc/opt?
>>
>>88013513
friendly reminder docker is open source and you can just read it
>>
>>88024228
>>moshi moshi anon-kun, read and do exactly what docker-compose tells you desu
When I tried that it just completely broke my plex and qbit
>>88024277
Why wouldn't I? I don't know, I was following some guide somewhere and that's where it said to put it, I don't remember. Where should it be?
>>
>>88024388
>Where should it be?
It's your preference but I keep mine alongside their relevant folders if I can. In your case you already have a Plex folder with a bunch of subfolders. If you put the compose file in that folder you could use relative paths like .tv/:/tv
Makes it easy to up/down them in the future if the mount path changes.
There's no right or wrong way.
>>
>>88024388
>it just completely broke my plex and qbit
Because you're supposed to keep the declarations of containers in the .yml file. That's the whole point of docker-compose, so you know what you're running and how it's set up.
Anything in the logs? Probably gluetun can't find VPN profiles or some shit. Also I saw your qbittorrent (the one apparently missing from .yml) had ports forwarded on it. Two things I need to point out here:
1. If you want to forward ports through VPN (like 6881, for BitTorrent traffic) then you should do that via gluetun config. Maybe some environment variable. However iirc nordvpn doesn't let you forward ports at all, so it's useless either way. Remove the mapping here. Oh, and if you also forwarded port on router to 6881 - remove it too.
2. You also forwarded the 8080 port for web UI. Like I mentioned earlier, once you tell qBit to use gluetun's networking, you should forward the 8080 port on gluetun container instead (which will then go to qBit).
/etc/opt also looks odd to me, but it's not super awful. Personally I use /srv/docker.
>>
>>88025033
>Because you're supposed to keep the declarations of containers in the .yml file.
I... thought I was. I guess I don't know what you mean by this
>>
>>88025169
--remove-orphans removes containers which were created from a compose file, but are no longer present in the file.
>>
>>88023980
yeah but im migrating all my lxc containers to docker for a simpler setup
>>
>>88025287
Dog, I'm sorry, I'm completely lost, had a long work week and my brain is fried. I've tried reading the documentation but it just raises more questions. I've tried reading guides but they all say different things. You're telling me I fucked something up but I don't know what I fucked up. What in my docker-compose.yml is wrong?
>>
>>88025515
No worries. Post entire .yml, and post output of docker-compose logs gluetun. If not in this thread, I'll help you in next.
>>
>>88025700
yaml is in the pastebin I posted, give me a sec on the docker logs, I have to get back to my pc
>>
I got a synology, how do i securely set up a wireguard/vpn container so other containers can route through it? I don't really want to use combined torrent/vpn containers because last time I used one it broke for like 3 months
>>
>>88025700
okay, actually running into a snag because I think something ELSE is fucked up. So, I'm running a plex server off a raspberry pi. Plugged into the pi via usb is an external HD called "Elements" (idk I think that's just what it was called when I bought it)
so elements is mounted at /media/anon/Elements
but sometimes when I reboot my system, for some reason it creates another "Elements", the "Elements" with all my stuff in it is renamed "Elements1", and "Elements" just has empty filepaths. So before I troubleshoot gluetun, I think I need to fix that first. I'm going to revert to my old docker-compose.yml, which for right now just has Plex and Qbit on it. If you ignore the gluetun section of the yml, that's what it looks like. Can anyone help me out with this?
>>
What even is the probability of a 'bit rot' error happening at the same addressed space between two drives storing the same data?

It seems to me ECC RAM is far more important than third party software that checks for parity between two sets of data. 99,999% of bit flipping (if it happens) would happen when data is transferred through RAM. ZFS without ECC RAM for example seems kinda silly with that in mind.
>>
File: soy.png (394 KB, 638x563)
i love servers
>>
>>88028265
>ywm be a small form factor high power computing device being held by wendell
>>
>>88026887
ECC ram is, apparently, far less critical than it used to be. Errors that are discovered in regular scrubs that can be caused by non-ECC RAM can typically be fixed. So for a home scenario it's nice to have but perhaps if you are cutting costs you don't need to worry about it as much. What is more important is first having a solid backup plan and secondly having the right amount of parity.
>>
>>88026804
>>88025700
Alright, this is embarrassing, looks like setting my region to "United States" was wrong, and I needed to call it United States, my fault. The only other thing I could see was that I didn't uncomment the container name for gluetun, so it was calling itself opt/init-gluetun or something I don't remember. I uncommented it and now it's calling itself gluetun, but it's still saying plex and qbit are orphaned.

Here is the yaml file as it stands now, with the region fixed and the name uncommented:
https://pastebin.com/hZTaaYdt

Problems are still persisting. It keeps creating a new "Elements" as described here >>88026804
and two: the logs are an actual mess, like took up over the entire terminal, I don't know how useful they'll be.
And three: containers are still orphaned, somehow. If I prune them, then plex and qbit stop working, even if I
docker compose up -d
or reboot, I have to, like, run an old yml to get them back. It's frustrating and weird.

Anyway, here are the logs, not sure how much help they'll be: pastebin.com/Pa31ri8t
>>
>>87996744
i have a VM hosted on my main TrueNAS box dedicated for this purpose. Runs deluged and every 3 hours reconnects to VPN service, obtains port, and passes port to deluged. iptables rules enforce sending data through tun0; if VPN is down no data is transmitted. If you intend on storing the data on the machine you will want to make sure iptables permits LAN network access so you can access it from other local machines.

>>87998569
i have a similar dilemma; my lab 2U rack server has 2.5-inch bays but I keep an older rack that has 3.5inch bays as a NAS because 2.5 inch does not scale well if you want raw storage. 3.5 inch is where it is at for cost/storage especially if you shuck or find old enterprise drives on ebay.

>>88012817
if the job scales well over many cores you should go AMD instead of intel/Xeon

>>88014080
for your use case vlans are the answer. openwrt, or if you have an old PC lying around with 2+ NICs, OPN/PFsense. I personally have an IoT subnet that is configured to be completely isolated from all other subnets. my shitty AP allows vlan tagging of separate SSIDs. I agree that putting a router on top of proxmox is squicky; i like having separate hardware for routing purposes.

>>88017747
i get most of my hardware for free because the don draper-type sales mofos at my work are great at spoonfeeding azure trash to our boomer clients which means I get their old lightly-used 4-year old rack servers.

>>88020354
i tried using opnsense and while troubleshooting an issue I tried pfsense and realized how much better pfsense's documentation is. forks with shit docu are a good sign a project is being ran by children. competition is good but i will sit cozy with pfsense.
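The tun0-only egress policy described in the reply to >>87996744 above, sketched as an added example (not the poster's actual rules): one function emits an iptables-restore ruleset, the other audits a saved ruleset for egress paths that bypass the tunnel. The interface names, LAN subnet, UDP port and the VPN endpoint (a documentation address) are assumptions.

```shell
#!/bin/sh
# Added example: VPN kill switch as an iptables-restore ruleset.
# Every argument value used below is an assumption for illustration;
# 203.0.113.10 is a documentation address standing in for the VPN server.

# Print a filter table whose OUTPUT chain defaults to DROP and only allows
# loopback, the LAN subnet, the VPN handshake and traffic leaving via the tunnel.
# The endpoint is given by IP so nothing has to be resolved outside the tunnel.
# IPv6 is not covered by iptables; ip6tables needs its own equivalent policy.
killswitch_rules() {
    vpn_if=$1; wan_if=$2; lan_net=$3; vpn_ip=$4; vpn_port=$5
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $wan_if -d $lan_net -j ACCEPT
-A OUTPUT -o $wan_if -d $vpn_ip -p udp --dport $vpn_port -j ACCEPT
-A OUTPUT -o $vpn_if -j ACCEPT
COMMIT
EOF
}

# Read a ruleset in iptables-save format on stdin and fail (exit 1) if traffic
# can leave without the tunnel: OUTPUT policy other than DROP, or an ACCEPT rule
# that is neither bound to the tunnel/loopback nor limited to a destination.
# This is a conservative heuristic: any other unrestricted ACCEPT is reported.
audit_killswitch() {
    awk -v vpn="$1" '
        BEGIN { bad = 0; policy = "" }
        $1 == ":OUTPUT" { policy = $2 }
        $1 == "-A" && $2 == "OUTPUT" && $0 ~ /-j ACCEPT/ {
            out = ""; dst = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-d") dst = $(i + 1)
            }
            if (out != vpn && out != "lo" && dst == "") {
                print "bypasses tunnel: " $0
                bad = 1
            }
        }
        END {
            if (policy != "DROP") {
                print "OUTPUT policy is not DROP"
                bad = 1
            }
            exit bad
        }
    '
}

# Apply (as root; this replaces the whole filter table):
#   killswitch_rules tun0 eth0 192.168.1.0/24 203.0.113.10 1194 | iptables-restore
# Audit the live ruleset:
#   iptables-save -t filter | audit_killswitch tun0
```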
>>
Anyone do a 10gbit router build? Would a N6005 be enough? Basic firewall rules, maybe a bit of QoS for games and comms programs and such
>>
>Currently moving files between 2xZ1 raids
>2 different boxes connected with 2x1Gb trunks. >Switch has enough backplane capacity.
>Boxes still shows free memory.
Rate is shit, at 23Mbytes/s

what's wrong Anon ?
>>
I'm planning a house renovation, is it worth laying down fiber optic wires when they do the wiring? or is cat6 good enough for at least the next decade? asking because my house is fully bricks and concrete, not like those american houses with the semi-permanent plaster wall thing so accessing the conduit means that I have to demolish the brick stuff.
>>
Is there a way to make my server "reachable" only by designated computers?

I understand that using a VPN accomplishes exactly that. But the other people aren't tech savvy and they enjoy the "open browser go to website" approach.

I am using a reverse proxy and am limiting connections only from the country we're in. The services are locked behind username/passwords. But is there something like "allow only connection from computers with this cookie" or something? I have jellyfin and the companions mainly running (apart from the web server and ssh server).
>>
>>88029646
A firewall?
>>
>>88029846
I think that it won't work, since we have changing IP addresses. Or am I missing something?
>>
>>88029646
https://www.cyberciti.biz/tips/iptables-mac-address-filtering.html
>>
>>88029646
reverse proxy
>>
>>88029646
cloudflare proxy can set geo based blocking
>>
>>88030109
>>88030122
I already use a reverse proxy with geo blocking (as mentioned in the post). I am blocking based on country, which is fine I guess. But I was wondering if I can fine tune it even more.

I'm looking into the MAC address filtering on server's firewall level.
>>
>>88030141
MAC addresses are easily spoofed. The only way to truly verify the client is to have something like a certificate, in which case just use a VPN. They are straightforward to set up, though perhaps not for grandma. But if you can get a hold of the devices they will be using for 10 minutes you can quickly install the certs/config for openvpn or wireguard. Or you can just install it on their router at home or whatever so they never have to interact with it.
>>
>>88026334
Can you do docker-compose on it? If so, it's easy, search for gluetun in this thread where I help anon get it working. If not, I'm sorry but that's your fault for buying a locked down glorified Samba server.
>>88026804
/media/run
That's where external drives are mounted automatically. I don't remember what does that (udisks2?) but I'd recommend disabling it and setting automatic mount by hand in /etc/fstab so you don't get such surprises anymore.
>>88028548
>.yml
Heyyyyy anon, don't do multiple version: and services: in the same file. They should be only once in the file. Also use version: "3", it works too.
>container_name for gluetun
I call bullshit, that's important only if you use bare Docker without docker-compose, where you have to use
network_mode: container:container_name
rather than the service name (gluetun:).
Drop the quotation marks in service_mode for qbittorrent too.
Actually if I manage to get it done before thread archives I can post you a .yml that should work.
>>
>>88029195
Is write verification turned on? it sounds like it might be. Turn it off and see what speeds you get. If you notice a substantial difference, do more ZFS research lurking around so you can decide for yourself if you can live without write verification or if you want to buy optane SSDs to fulfill that niche meme-y ZFS "requirement". I had the same exact issue in my homelab and I decided I would rather have speed and sacrifice the 1/n chance a power outage coincides with a critical write and forces me to revert to a snapshot from... an hour ago. lmao. In my opinion for all homelab purposes you can turn verification off but you need to make that decision yourself.

more reading, ZLOG/ZIL by our wonderfully autistic friends on the TrueNAS forum: https://www.truenas.com/community/threads/some-insights-into-slog-zil-with-zfs-on-freenas.13633/
>>
>>88029496
cat7 can handle up to 10gbit/s, that should easily be enough for your home network for the next decade
>>
>>88028548
Ok, quick answer: https://pastebin.com/YYcW6HUC
gluetun seems to launch correctly according to logs, sets up the tunnel (Initialization Sequence Completed), not sure why it died before.
qBit and Plex were getting removed because of duplicate services: section, which meant compose thought there's only gluetun supposed to exist.
Cleaned up gluetun config a bit. Moved qBit port mapping to gluetun (remember, it uses gluetun's network stack now so everything network related has to be done to gluetun container).
See ya in next thread.
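An added example, not part of the original post or the pastebin: a line-based check for the two mistakes diagnosed above, a repeated top-level key such as services: and a service that publishes ports while borrowing another container's network stack. The sample compose files, including the image names, are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a docker-compose file read from stdin.
# Line-based on purpose (no YAML library needed); it assumes block-style YAML
# with space indentation, which is how compose files are normally written.

compose_lint() {
    awk '
        BEGIN { bad = 0 }
        /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
        { ind = match($0, /[^ ]/) - 1 }            # indentation of this line
        ind == 0 && /^[A-Za-z_][A-Za-z0-9_-]*:/ {  # top-level key
            key = $1; sub(/:.*$/, "", key)
            if (++seen[key] == 2) { print "duplicate top-level key: " key; bad = 1 }
            in_services = (key == "services"); svc = ""; svc_ind = 0
            next
        }
        !in_services { next }
        svc_ind == 0 { svc_ind = ind }             # first child sets the service indent
        ind == svc_ind && $1 ~ /:$/ { svc = $1; sub(/:$/, "", svc); next }
        svc != "" && $1 == "network_mode:" && $2 ~ /^"?(service|container):/ { shared[svc] = $2 }
        svc != "" && $1 == "ports:" { has_ports[svc] = 1 }
        END {
            for (s in shared)
                if (s in has_ports) {
                    print s ": publishes ports but uses network_mode " shared[s]
                    bad = 1
                }
            exit bad
        }
    '
}

# Constructed sample: two version:/services: blocks, ports still on qbittorrent.
sample_broken() {
    cat <<'EOF'
version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
version: "3"
services:
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent
    network_mode: "service:gluetun"
    ports:
      - 8080:8080
EOF
}

# Constructed sample: one services: block, web UI port published on gluetun.
sample_fixed() {
    cat <<'EOF'
version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    ports:
      - 8080:8080
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent
    network_mode: service:gluetun
EOF
}

# Usage: compose_lint < docker-compose.yml
```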
>>
>>88028941
>i have a similar dilemma
I think I'm just going to bite the bullet and buy another 2.5" at 2 TB with price 2x of 3.5" drives. Don't want to make it more pain in the ass for mom than it already is to carry a 2.5 every week to do backups of backups, a 3.5 would be huge in purse.
>how much better pfsense's documentation is
Sadly true, I did that too.
>forks with shit docu are a good sign a project is being ran by children
I think I could agree, but on the other hand actions of Netgate were quite childish on their own. When someone tells you you're adding security vulnerabilities you should thank them instead of saying that's hurting the open source community. And also maybe don't troll with Hitler parodies, that's far from professional.
>>88029646
Firewall with IP restrictions.
>But the other people aren't tech savvy and they enjoy the "open browser go to website" approach.
Anything you add past what you have already will become a massive pain for the normies. A cookie requirement is doable, but will hurt e.g. mobile and TV apps for Jellyfin.
Just keep stuff up to date, don't host it on obvious domain and chances are nobody will find it and mess with it.


