Pete90

joined 1 year ago
[–] [email protected] 38 points 5 months ago (2 children)

I agree, but most games also have a higher ratio of value to cost. If I buy a game for 50 bucks, I'll play it for many hours, let's say 50. So that will be 1 per hour, pretty good. If I buy a new movie, that isn't available for subscription streaming, that ratio is easily double. If I have a subscription and need another now, that also lowers its value. It also comes with lower comfort and ease of consumption, as you mentioned.

Another great example is YouTube premium. I'll gladly pay 5 or 7 bucks for adfree content, not 14 though. I don't need YouTube music. So I block ads where I can and donate to creators, if I can afford it. They could have had my money, but they are, simply, greedy.

I also hate it, when deals are altered without my consent. It makes me feel like a sucker, and therefore makes it less likely for me to keep investing.

[–] [email protected] 9 points 5 months ago* (last edited 5 months ago) (1 children)

You most likely won't utilize these speeds in a home lab, but I understand why you want them. I do too. I settled for 2.5GBit because that was a sweet spot in terms of speed, cost and power draw. In total, I idle at about 60W for the following systems:

  • Lenovo M90q (i7 10700, 32GB, 3 x 1 TB SSD) running Proxmox, 15W idle
  • Custom NAS (Ryzen 2400G, 16GB, 4x12TB HDD) running TrueNAS (30W idle)
  • Firewall (N5105, 8GB) running OPNsense (8W idle)
  • FritzBox 6660 Cable, which functions as a glorified access point, 10W idle
[–] [email protected] 2 points 5 months ago (1 children)

I'd be very careful to publicly host Jellyfin. Although not necessarily true, it basically advertises that you're pirating content while also giving out your IP. Even if you rip your own media, this can still be illegal. Please be careful.

Maybe you can put it behind some authentication or, even better, a VPN.

[–] [email protected] 1 points 6 months ago

With most firewalls, there is an option to download IP lists for blocking. There are several lists I don't recall right now, that aggregate DoH services. It's not perfect, but better than nothing.

[–] [email protected] 1 points 7 months ago (1 children)

Thank you for your offer, but these are too old for what I want to do with them. Cheers!

[–] [email protected] 1 points 7 months ago

Proxmox eats consumer grade SSDs (at least that's what people are talking about)

[–] [email protected] 1 points 7 months ago

Good to know I'm not the only one!

[–] [email protected] 1 points 7 months ago

Hej. I need all of that data. And those movies too. But yeah, seems to be the case. Weird, that people buy those drives, when 12TB aren't that much more expensive. Well, but here I am but only because I had an old but okay 4TB drive lying around.

[–] [email protected] 1 points 7 months ago (1 children)

I'd be scared to be ripped off in a lot. Do they show drive stats before sale?

[–] [email protected] 1 points 7 months ago

I've had great success with used drives so far, mind you I only buy slightly used with lots of remaining warranty... Saved me tons.

[–] [email protected] 4 points 7 months ago

There is quite a price difference, at least here in Germany. It can easily be double, if not more... I'd love to use SSDs, but can't afford them right now

[–] [email protected] 1 points 7 months ago

I didn't even think to look at Amazon, but for 12TB, that is an okay to good price. Too bad the 4TB is inappropriately expensive...

 

I'm in the market for a used 4TB for my offsite backup. As I've recently acquired four 12TB drives (about 10000 hours and one to two years old) for 130€ each, I was optimistic. 30 to 40€ I thought. Easy.

WRONG! Used drive, failing SMART stats, 40€. Here is a new drive, no hours on it. Oh wait, it was cold storage and it's almost 8 years old. Price? 90€ (mind you, a new drive costs about 110€). Another drive has already failed, but someone wants 25€ for e-waste. No Sir, it worked fine when I used Check-Disk, please buy. Most of the decent ones are 70 to 80€, way too close to the new price. I PAID 130 FOR 12TB. These drives were almost new and under warranty. WHY DOES THIS NUMBNUT WANT 80 EURO FOR A USED 4TB Drive? And what sane person doesn't put SMART data in their offerings??? I have to ask at least 50 percent of the time. Don't even get me started on those external hard drives, they were trash to begin with. I'm SO CLOSE to buying a high capacity drive, because in that segment, people actually know what they are doing and understand what they have.

Rant over.

What gives? Did these people buy them, when they were much more expensive? Does anyone know a good site that ships refurbished drives to Germany? Most of those I found are also rip-offs...

 

Hej everyone. My traefik setup has been up and running for a few months now. I love it, a bit scary to switch at first, but I encourage you to look at it, if you haven't. Middlewares are amazing: I mostly use it for CrowdSec and authentication. There are two things I could use some feedback on, though.


  1. I mostly use docker labels to set up routers in traefik. Some people only define one router (HTTP) and some both (+ HTTPS) and I did the latter.
    labels:
      - traefik.enable=true
      - traefik.http.routers.jellyfin.entrypoints=web
      - traefik.http.routers.jellyfin.rule=Host(`jellyfin.local.domain.de`)
      - traefik.http.middlewares.jellyfin-https-redirect.redirectscheme.scheme=https
      - traefik.http.routers.jellyfin.middlewares=jellyfin-https-redirect
      - traefik.http.routers.jellyfin-secure.entrypoints=websecure
      - traefik.http.routers.jellyfin-secure.rule=Host(`jellyfin.local.domain.de`)
      - traefik.http.routers.jellyfin-secure.middlewares=local-whitelist@file,default-headers@file
      - traefik.http.routers.jellyfin-secure.tls=true
      - traefik.http.routers.jellyfin-secure.service=jellyfin
      - traefik.http.services.jellyfin.loadbalancer.server.port=8096
      - traefik.docker.network=media

So, I don't want to serve HTTP at all, all will be redirected to HTTPS anyway. What I don't know is, if I can skip the HTTP part. Must I define the web entrypoint in order for redirect to work? Or can I define it in the traefik.yml as I did below?

entryPoints:
  ping:
    address: ':88'
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"

  2. I use homepage (from benphelps) as my dashboard and noticed, that when I refresh the page, all those widgets take a long time to load. They did not do that, when I connected homepage to those services directly using IP:PORT. Now I use URLs provided by traefik, and it's slow. It's not really a problem, but I wonder, if I made a mistake somewhere. I'm still a beginner when it comes to this, so any pointers in the right direction are appreciated. Thank you =)
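For the first question in the post above, an added sketch (not the poster's own files): the entry-point redirection already present in the posted traefik.yml makes Traefik answer every request on `web` with a redirect by itself, so the per-service HTTP router and the `redirectscheme` middleware can be dropped and only the `websecure` router remains. Host, router and middleware names are taken from the post; the `permanent` and entry-point `http.tls` settings are additions and assume Traefik v2.2 or later.

```yaml
# traefik.yml (static configuration)
entryPoints:
  ping:
    address: ":88"
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true   # added: permanent redirect instead of a temporary one
  websecure:
    address: ":443"
    http:
      tls: {}               # added: TLS on by default for every router on :443
---
# docker-compose.yml, labels of the jellyfin service only
services:
  jellyfin:
    labels:
      - traefik.enable=true
      # No router is bound to "web": nothing is ever served over plain HTTP,
      # port 80 only issues the redirect configured above.
      - traefik.http.routers.jellyfin-secure.entrypoints=websecure
      - traefik.http.routers.jellyfin-secure.rule=Host(`jellyfin.local.domain.de`)
      - traefik.http.routers.jellyfin-secure.middlewares=local-whitelist@file,default-headers@file
      - traefik.http.routers.jellyfin-secure.tls=true
      - traefik.http.routers.jellyfin-secure.service=jellyfin
      - traefik.http.services.jellyfin.loadbalancer.server.port=8096
      - traefik.docker.network=media
```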
 

EDIT: I found something looking through the source code on Github. I couldn't find anything at first, but then I searched for "periodic" and found something in middlewared/main.py.

These tasks (see below) are executed at system start and will be re-run after method._periodic.interval seconds. Looking at the log in var/log/middlewared.log I saw, that the interval was 86400 seconds, exactly one day. So I'm assuming that the daily execution time is set at the last system start.

I've rebooted and will report back in a day. Maybe somebody can find the file to set it manually, not in source code. That is waaaay too advanced for me.

EDIT 2:

EDIT: I was correct, the tasks are executed 24 hours later. This gives at least a crude way to change their execution time: restart the machine.


Hej everyone, in the past few weeks, I've been digging my hands into TrueNAS and have since set up a nice little NAS for all my backup needs. The drives spin down when not in use, as the instance only receives/sends backup data once a day. However, there are a few periodic tasks which wake my drives. Namely:

catalog.sync	                Success	26796 	12/03/2024 18:06:54 	12/03/2024 18:06:54 		
catalog.sync_all	        Success	26795 	12/03/2024 18:06:54 	12/03/2024 18:06:54 		
zfs.dataset.bulk_process	Success	26792 	12/03/2024 18:06:43 	12/03/2024 18:06:43 		
pool.dataset.sync_db_keys	Success	26791 	12/03/2024 18:06:42 	12/03/2024 18:06:43 		
certificate.renew_certs	        Success	26790 	12/03/2024 18:06:42 	12/03/2024 18:06:43 	
 
dscache.refresh	                Success	24991 	12/03/2024 03:30:01 	12/03/2024 03:30:01 
update.download	                Success	25027 	12/03/2024 03:46:01 	12/03/2024 03:46:02 

I spent the last hour searching online and digging through files and checking cron. I found the dscache.refresh and the update.download. I can't find the first five. At least one of them wakes my drives. Does anyone have an idea? There used to be a periodic.conf, but I can't find it on my system. Thanks!

 

Network design. I started my homelab / selfhost journey about a year ago. Network design was the topic that scared me most. To challenge myself, and to learn about it, I bought myself a decent firewall box with 4 x 2.5G NICs. I installed OPNsense on it, following various guides. I set up my 3 LAN ports as a network bridge to connect my PC, NAS and server. I set the filtering to be applied between these different NICs, as to learn more about the behavior of the different services. If I want to access anything on my server from my PC, there needs to be a rule allowing it. All other traffic is blocked. This setup works great so far and I'm really happy with it.

Here is where I ran into problems. I installed Proxmox on my server and am in the process of migrating all my services from my NAS over there. I thought that all traffic from a VM in Proxmox would go this route: first VM --> OPNsense --> other VM. Then, I could apply the appropriate firewall rules. This however, doesn't seem to be the case. From what I've learned, VMs in Proxmox can communicate freely with each other by default. I don't want this.

From my research, I found different ideas and opposing solutions. This is where I could use some guidance.

  1. Use VLANs to segregate the VMs from each other. Each VLAN gets a different subnet.
  2. Use the Proxmox firewall to prevent communication between VMs. I'd rather avoid this, so I don't have to apply firewall rules twice. I could also install another OPNsense VM and use that, but same thing.
  3. Give up on filtering traffic between my PC, NAS and server. I trust all those devices, so it wouldn't be the end of the world. I just wanted the most secure setup I could do with my current knowledge.

Is there any way to just force the VM traffic through my OPNsense firewall? I thought this would be easy, but couldn't find anything or just very confusing ideas.

I also have a second question. I followed TechnoTim to set up Traefik and use my local DNS and wildcard certificates. Now, I can reach my services using service.local.example.com, which I think is neat. However, in order to do this, it was suggested to use one docker network called proxy. Each service would be assigned this network and Traefik uses labels to set up the routes. Wouldn't this allow all those services to communicate freely? Normally, each container has its own network and docker uses iptables to isolate them from each other. Is this still the way to go? I'm a bit overwhelmed by all those options.

Is my setup overkill? I'd love to hear what you guys think! Thank you so much!
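The concern raised in the post above, as an added compose sketch (not the poster's or TechnoTim's files): containers that share one `proxy` network can reach each other directly, so here Traefik joins one small network per stack and the database sits on an internal network that Traefik never joins. Image tags, service names and network names are assumptions chosen for illustration.

```yaml
services:
  traefik:
    image: traefik:v2.10
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:            # the proxy is the only member of every edge network
      - jellyfin_edge
      - nextcloud_edge

  jellyfin:
    image: jellyfin/jellyfin
    networks:
      - jellyfin_edge    # cannot reach nextcloud or its database
    labels:
      - traefik.enable=true
      - traefik.docker.network=jellyfin_edge

  nextcloud:
    image: nextcloud
    networks:
      - nextcloud_edge     # reachable by Traefik
      - nextcloud_backend  # private link to the database
    labels:
      - traefik.enable=true
      # needed because this container has two networks and Traefik
      # must know which one to use to reach it
      - traefik.docker.network=nextcloud_edge

  nextcloud-db:
    image: mariadb
    networks:
      - nextcloud_backend  # no edge network: invisible to Traefik and jellyfin

networks:
  jellyfin_edge:
    name: jellyfin_edge    # fixed name so the label above matches
  nextcloud_edge:
    name: nextcloud_edge
  nextcloud_backend:
    internal: true         # no outbound route from this network
```

Traefik itself can still reach every routed service, so the proxy container remains the one component that bridges the stacks.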

25
submitted 11 months ago* (last edited 11 months ago) by [email protected] to c/[email protected]
 

EDIT: SOLUTION:

Nevermind, I am an idiot. As @ClickyMcTicker pointed out, it's the client side that is causing the trouble. His comment gave me thought so I checked my testing procedure again. Turns out that, completely by accident, every time I copied files to the LVM-based NAS, I used the SSD on my PC as the source. In contrast, every time I copied to the ZFS-based NAS, I used my hard drive as the source. I did that about 10 times. Everything is fine now. Maybe this can help some other dumbass like me in the future. Thanks everyone!

Hello there.

I'm trying to set up a NAS on Proxmox. For storage, I'm using a single Samsung Evo 870 with 2TB (backups will be done anyway, no need for RAID). In order to do this, I set up a Debian 12 container, installed Cockpit and the tools needed to share via SMB. I set everything up and transferred some files: about 150mb/s with huge fluctuations. Not great, not terrible. Iperf reaches around 2.25Gbit/s, so something is off. Let's do some testing. I started with the filesystem. This whole setup is for testing anyway.

  1. Storage via creating a directory with EXT4, then adding a mount point to the container. This is what gave me those speeds mentioned above. Okay, not good. --> 150mb/s, speed fluctuates
  2. a Let's do ZFS, which I want to use anyway. I created a ZFS pool with ashift=12, atime=off, compression=lz4, xattr=sa and 1MB record size. I did "some" research and this is what I came up with, please correct me. Mount to container, and go. --> 170mb/s, stable speed
  3. b Tried OpenMediaVault and used EXT4 with ZFS as base for the VM-Drive. --> around 200mb/s
  4. LVM-Thin using Proxmox GUI, then mount to container. --> 270mb/s, which is pretty much what I'm reaching with Iperf.

So where is my mistake when using ZFS? Disable compression? A different record size? Any help would be appreciated.

 

Black friday is almost upon us and I'm itching to get some good deals on missing hardware for my setup.

My boot drive will also be VM storage and reside on two 1TB NVMe drives in a ZFS mirror. I plan on adding another SATA SSD for data storage. I can't add more storage right now, as my M90q can't be expanded easily.

Now, how would I best setup my storage? I have two ideas and could use some guidance. I want some NAS storage for documents, files, videos, backups etc. I also need storage for my VMs, namely Nextcloud and Jellyfin. I don't want to waste NVMe space, so this would go on the SATA SSD as well.

  1. Pass the SSD to a VM running some NAS OS (OpenMediaVault, TrueNas, simple Samba). I'd then set up different NFS/samba shares for my needs. Jellyfin or Nextcloud would rely on the NFS share for their storage needs. Is that even possible and if so, a good idea? I could easily access all files, if needed. I don't know if there would be a problem with permissions or diminished read/write speeds, especially since there are a lot of small files on my nextcloud.

  2. I split the SSD, pass one partition to my NAS and the other will be used by Proxmox to store virtual disks for my VMs. This is probably the cleanest, but I can't easily resize the partitions later.

What do you think? I'd love to hear your thoughts on this!

 

I've posted a few days ago, asking how to setup my storage for Proxmox on my Lenovo M90q, which I since then settled. Or so I thought. The Lenovo has space for two NVME and one SATA SSD.

There seems to be a general consensus, that you shouldn't use consumer SSDs (even NAS SSDs like WD Red) for ZFS, since there will be lots of writes which in turn will wear out the SSD fast.

Some conflicting information is out there with some saying it's fine and a few GB writes per day is okay and others warning of several TBs writes per day.

I plan on using Proxmox as a hypervisor for homelab use with one or two VMs running Docker, Nextcloud, Jellyfin, Arr-Stack, TubeArchivist, PiHole and such. All static data (files, videos, music) will not be stored on ZFS, just the VM images themselves.

I did some research and found a few SSDs with good write endurance (see table below) and settled on two WD Red SN700 2TB in a ZFS Mirror. Those drives have 2500TBW. For file storage, I'll just use a Samsung 870EVO with 4TB and 2400TBW.

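| SSD | TB | TBW | |
|---|---|---|---|
| 980 PRO | 1TB | 600 | 68 |
| | 2TB | 1200 | 128 |
| SN 700 | 500GB | 1000 | 48 |
| | 1TB | 2000 | 70 |
| | 2TB | 2500 | 141 |
| 870 EVO | 2TB | 1200 | 117 |
| | 4TB | 2400 | 216 |
| SA 500 | 2TB | 1300 | 137 |
| | 4TB | 2500 | 325 |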

Is that good enough? Would you rather recommend enterprise grade SSDs? And if so, which ones would you recommend, that are m.2 NVME? Or should I just stick with ext4 as a file system, losing data security and the ability for snapshots?

I'd love to hear your thoughts about this, thanks!

 

Hej everyone! I’m planning on getting acquainted with Proxmox, but I’m a total noob, so please keep that in mind.

For this experiment, I’ve purchased a Lenovo M90q (Gen 1) to use as an efficient hardware basis. This system will later replace my current one. On it, I want to set up a small number of virtual machines, mainly one for Docker and one for NAS (or set up a NAS with Proxmox itself).

My main concern right now is storage. I’d like to have some redundancy built into my setup, but I am somewhat limited with the M90q. I have space for two M.2 2280 NVMe drives as well as one SATA port. There are also several options to extend this setup using either a Wi-Fi M.2 to SATA or the PCIe x8 to either SATA or NVMe. For now, I’d like to avoid adding complexity and stick with the onboard options, but I'm open to suggestions. I'd buy some new or refurbished WD Red NAS SSDs.

Given the storage options that I have, what would be a sensible setup to have some level of redundancy? I can think of three options:

  1. ZFS Mirror using two NVMe as well as a SATA-SSD for non-critical storage. I would set up Proxmox and VMs on the same disk and mirror it to have redundancy. I could store ISOs and “ISOs” on the SATA-SSD, where no redundancy is needed, as it would be backed up to a different system anyway.

  2. Proxmox and VMs each get their own NVMe storage, non-critical storage on the SSD. Here, “redundancy” would be achieved by backing up the host and the VMs to my NAS. This process is somewhat tedious and will cause downtime if something happens.

  3. Add a Wi-Fi M.2 to SATA adapter and power two SSDs with an external power supply (possibly internal?) and install Proxmox on these.

I’d love to hear your thoughts on this. Am I being too paranoid with redundancy? I’m hosting nothing critical, but downtime would cause some inconvenience (e.g., no Jellyfin, Nextcloud, Pi-hole, Vaultwarden) until I fix it. The data of these services will always be backed up using the 3-2-1 system and I'll move to a HA system in the future when funds allow it.

EDIT: Are there any disadvantages to proxmox and the VMs being on the same disk?

 

Greetings y'all. I've been using ways to circumvent YouTube ads for years now. I'd much rather donate to creators directly instead of using Google as a middle man, needing YouTube Premium. I'd even pay for premium for just an ad-free version, if the price wouldn't be so outrageous. I've so far used adblockers, Vanced and then Revanced.

Since the recent developments in this matter, I've setup Tubearchivist, a self hosted solution to download YouTube videos for later consumption. It mostly works great, with a few minor things that bother me but I highly recommend it. ReVanced also still works, but nobody knows for how long.

The question now is, if I should use a VPN to obscure my identity to Google. I don't know if I'm being paranoid here but I wouldn't put it past Google to block my account, if they see YouTube traffic for my IP address and no served ads. Revanced even uses my main Google account, so not that far fetched.

So far, or at least to my knowledge, Google has never done this but I think they just might in the future. So I'm planning on putting tubearchivist behind a VPN via gluetun.

What do you think? I'm eager to hear your opinions on this.

I can also add my docker compose, if there's interest and when I'm back on my PC.

 

Hei there. I've read that it's best practice to use docker volumes to store persistent container data (such as config, files) instead of using bindmount. So far, I've only used the latter and would like to change this.

From what I've read, all volumes are stored in var/lib/docker/volumes. I also understood, that a volume is basically a subdirectory in that path.

I'd like to keep things organized and would like the volumes of my containers to be stored in subdirectories for each stack in docker compose, e.g.

volumes/arr/qbit /arr/gluetun /nextcloud/nextcloud /nextcloud/database

Is this possible using compose?

Another noob question: is there any disadvantage to using the default network docker creates for each stack/container?

 

Hej everyone.

Until now I've used a linux install and vpn software (airvpn and eddie) when sailing the high seas. While this works well enough, there is always room for improvement.

I am in the process of setting up a docker stack which so far contains gluetun/airvpn and qbittorrent. Here is my compose file:

version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
     - NET_ADMIN
    volumes:
      - /appdata/gluetun:/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=airvpn
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=
      - WIREGUARD_PRESHARED_KEY=
      - WIREGUARD_ADDRESSES=10.188.90.221/32,fd7d:76ee:e68f:a993:63b2:6cc0:fe82:614b/128
      - SERVER_COUNTRIES=
      - FIREWALL_VPN_INPUT_PORTS=
    ports:
      - 8070:8070/tcp
      - 60858:60858/tcp
      - 60858:60858/udp
    restart: unless-stopped

  qbittorrent: 
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent 
    network_mode: "service:gluetun" 
    environment: 
     - PUID=1000
     - PGID=100
     - TZ=Europe/Berlin
     - WEBUI_PORT=8070 
    volumes: 
     - /appdata/qbittorrent/config/:/config 
     - /data/videos/downloads:/downloads
    depends_on:
      - gluetun
    restart: always

My first problem was related to the IP address. For some reason, when I use an IPv6 address, I got this error in gluetun:

2023-10-06T17:30:42Z ERROR VPN settings: Wireguard settings: interface address is IPv6 but IPv6 is not supported: address fd7d:76ee:e68f:a993:63b2:6cc0:fe82:614b/128

Well, I removed that IPV6 and now everything works. Does anyone have a fix? :)

Now for the important part. I tested the setup with a linux iso and to my surprise - everything works. When I used ipleak.net or other websites, these websites only detect the ip from my vpn. Great.

Do I need to take any other precautions? I also bound the network interface tun0 in the qbit webui, just to be sure. When I stop the gluetun container, the webui stops working (as it should, but it is hard to check, if the download also stops). I'm just a bit paranoid because I don't want to pay coin when downloading all the isos my heart desires.

Thank you so much for any input!
