Cyber

@Cyber@feddit.uk

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨What external services do you use for your selfhosting setup?⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
- Lets Encrypt…
- Backblaze (for now, until I find an alternative closer to home)
- Email
⁨Comment⁩ on ⁨Jellyswarrm - reverse proxy all your Jellyfin servers from a single interface, presenting as a standard Jellyfin server, clients should work out of the box.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
🤗
⁨Comment⁩ on ⁨Docker or Proxmox? Something else entirely?⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Hmm, I setup a Proxmox machine a while back because, well, all the cool kids seemed to do it - and plenty of “support” on youtube

I found Incus and it just seemed better, but it was harder to find info on (back then) and seemed a little unready

Now, I regret not sticking with my gut instinct as I’ve got to basically rip out Proxmox to get Incus in, which means all my VMs are prisoners (and us: 1 VM is Home Assistant!)

So, do you know if it’s possible to migrate my VMs across to Incus, or is it literally wipe drive, start again?

(Obviously the data in each VM can be backed up & restored into new VMs)
⁨Comment⁩ on ⁨choosing a NIC for OPNsense⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Ah, ok, good to know, thanks
⁨Comment⁩ on ⁨Am I corrupting my data?⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
I think you’ve misunderstood

Ok, OMV needs a separate (small) boot drive to install on (ie consider a M.2 / SSD on a USB adapter)

But, then all your (large) storage is used for the NAS.

OMV will run Docker containers, but their data would also be pointed to the large NAS storage.
```
|  Small |     Large   |
|-----------+----------------|
| OMV   | Files         |
| Docker| Data, etc |
```
⁨Comment⁩ on ⁨choosing a NIC for OPNsense⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Why the MTU change?
⁨Comment⁩ on ⁨Am I corrupting my data?⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
I always prefer bare metal for the core NAS functionality. There’s no benefit in adding a hypervisor layer just to create an NFS / SMB / iSCSI share

OMV comes with it’s own bare metal installer, based on Debian, so it’s as stable as a rock.

If you’ve used it before, you’re probably aware that it needs it’s own drive to install on, then everything else is the bulk storage pool… I’ve used various USB / mSATA / M.2 drives over the years and found it’s a really good way to segregate things.

I stopped using OMV when - IMO - “core” functions I was using (ie syncthing) became containers, because I have no use for that level of abstraction (but it’s less work for the OMV dev to maintain addons, so fair enough)

So, you don’t have to install docker, OMV automatically handles it for you.

How much OMV’s moved on, I don’t know, but I thought it would simplify your setup.
⁨Comment⁩ on ⁨Am I corrupting my data?⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
You should have all your data separately stored, it shouldn’t be locked inside containers, and using a VM hosted on a device to serve the data is a little convoluted

I personally don’t like TrueNAS - I’m not a hater, it just doesn’t float my boat (but I suspect someone will rage-downvote me 😉)

So, as an alternative approach, have a look at OpenMediaVault

It’s basically a Debian based NAS designed for DIY systems, which serves the local drives but it also has docker on, so feels like it might be a better fit for you.
⁨Comment⁩ on ⁨Help diagnosing server freeze issue⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Definitely suspect.

You should be able to let memtest run for days with no problems, so a reboot would either be a faulty stick or possibly a faulty motherboard slot.

Swap the RAM between slots to isolate the root cause
⁨Comment⁩ on ⁨Securing a 'public' service for family⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
GeoIP blocking

You mention a firewall, but for any open ports still restrict the source IPs to limited ranges not “all”.

Personally, at my home’s edge firewall I have pfSense with pfBlocker and that uses a GeoIP database, so I can just pick the countries I want to allow in… you want to block as early as possible (ie at the VPS?), so you might have to look at options

If your family are in the same region, then it should be relatively easy to limit to a few ranges on the VPS

Here’s a quick search result: lite.ip2location.com/ip-address-ranges-by-country
⁨Comment⁩ on ⁨Looking for suggestions: Task scheduler ideally with reminders⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
I have basically the same setup, but with Radicale.

Radicale is really lightweight, but quite basic - which is fine for my needs.

Out of curiosity, what pulled you to use Baikal?
⁨Comment⁩ on ⁨Router suggestions for a complete noob⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
Ruckus … R500 I think (can’t check atm) from ebay.

MIMO, multiple SSIDs, etc, so work really well with the load of 2.4Ghz wifi home automation gadgets I have around the house, with 2 of us working from home on Zoom / Teams calls.

Reflash them with the “unleashed” firmware and you don’t need their controller.
⁨Comment⁩ on ⁨Router suggestions for a complete noob⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
You’ll probably need 2 devices: one actually connected to the external line (ie the modem part) and then your actual router / wifi access point(s).

Personally, I have a Fritzbox router configured into bridge mode so it just deals with the line signal and passes all the PPPoE / internet comms to a pfSense box I built (ie anything… an old thin client, new microATX, etc…)

I then have separate POE WAPs for wifi around the house, but pfSense can deal with radio drivers too if separate WAPs are too much today.

This way, if something goes wrong I can always go back to a single domestic router, keep the family happy, download anything I need to fix my setup and then move forwards again.

I like having separate components with an up/downgrade path
⁨Comment⁩ on ⁨Just a little server⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Have a look at Patrick Kennedy’s reviews on yoochoob under ServeTheHome - there’s some fantastic hardware available now

I ended up buying something from AliExpress, which I was initially reluctant to do - but Patrick’s reviews convinced me

For detailed reviews his site’s got the details from the videos: www.servethehome.com
⁨Comment⁩ on ⁨Custom remote backup⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
It depends on the sync / backup software

Syncthing uses a stored list of hashes (which is why it takes a long time for the initial scan), then it can monitor filesystem activity for changes to know what to sync.

Rsync compares all source and destination files with some magical high speed algorithm

Then, backup software does… whatever.

Back in the day on FAT filesystems they used the archive bit on each file’s metadata, which was (IIRC) set during a backup and reset with any writes to that file. The next backup could then just backup those files.

Your current strategy is ok - just doing an offline backup after a bulk update, maybe it’s just making that more robust by automating it…?

I suspect you have quite a large archive as photos don’t compress well, and +2TBs won’t disappear with dedupe… so, it’s mostly about long term archival rather than highly dynamic data changes.

So that +2TB… do you drop those files in amongst everything else, or do you have 2 separate locations ie, “My Photos” + “To Be Organised”?

Maybe only backup “MyPhotos” once a year / quarter (for example), but fully sync “To Be Organised”… then you’ve reduced risk, and volume of backup data…?
⁨Comment⁩ on ⁨Custom remote backup⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
The main point is that sync (like RAID) isn’t a backup. If ransomware got in and started encrypting all your files, how would you know / protect yourself…

There’s a lot of focus on 3-2-1 backups, so offsite is good, but consider your G-F-S strategy too - as long as this remote copy isn’t your only long-term backup option, then sync might be ok for you

So, syncthing / rsync / etc is fine… but maybe just point it to your monthly / weekly / daily backup folder(s) rather than the main files?

You also had some other suggestions I think, like zfs / btrfs snapshots… which would be a point in time copy of your files.

Or burn the photos to DVD / Bluray and store them at the other location? No power requirements there…
⁨Comment⁩ on ⁨Custom remote backup⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Wake on LAN won’t work remotely, so you’d either need to have access to a VPN at their location, or have a 2nd always on device that you can connect to and that could then WoL to your device… or… get a device with an IPMI which you remote into. (All non-VPN forms of remote connection are open to abuse)

I suspect (guess) you’re not going to be able to setup a VPN, so perhaps an always on pi is going to be necessary - so maybe it’ll be that with drives set to spin down when idle?

OpenMediaVault was my preferred choice until everything went docker on it which was getting too complex for a NAS… so I just created my own, which powers on at certain times of the day and off again when CPU / network IO was low enough.

Data transfer with syncthing is great, but I don’t really recommend sync for snapshot backups… (consider your files are all corrupted, it’ll happily sync those corruptions) but I have enough space for a few versions of my files, so in theory I can roll back, but it’s cetainly not a Grandfather, Father, Son strategy.
⁨Comment⁩ on ⁨Calendar app⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Not sure why you’ve been down voted - I think the fossify apps are really good.

I even contribute towards their app development
⁨Comment⁩ on ⁨Calendar app⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Vivaldi has a CalDav Calendar built in.

If you’re open to that possibility, I’ve been using it on both Windows and Linux laptops and works well with my radicale server.
⁨Comment⁩ on ⁨The Way Ubuntu Boots on Raspberry Pi is Changing⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Ansible is an automation tool to setup systems to a known desirable end state.

TBH, for a single device, it’s overkill, but you seem like someone who keeps good notes and has some custom files to copy across… you could convert your setup note into an Ansible file, and it will also copy over your custom config files.

For Ansible you define the desired outcome and it does “all” (kinda) the work for you… so… say you want Apache, MariaDB and PHP, it doesn’t matter if half are installed already, or not, or their dependencies - you just say:

Do an update Install packages: A B C Copy my config files over Start the services Relax

Yep, it’ll take 10 times as long to get it working up front, but the day you want to duplicate it / start on a fresh Pi / VM, it’s all there for you.

I use it to setup all my Pi Zeros thr same way (they’re doing BLE presence detection) and for their regular updates

I’ve also got some VMs setup that way

But… I tried it on a laptop and as it’s a single device I just ended up setting it up manually and now the ansible script is woefully out of date… just some balanced feedback.
⁨Comment⁩ on ⁨The Way Ubuntu Boots on Raspberry Pi is Changing⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Thanks. No need for the setup notes (but thanks for the kind offer), it was more about the experience, but I think you’ve already answered my question with less surface area (I do have 1 Pi that’s internet facing for Radicale)

Have you looked at Ansible? That might also cover what you’re trying to do.
⁨Comment⁩ on ⁨The Way Ubuntu Boots on Raspberry Pi is Changing⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
I went with Arch Linux on ARM for a minimal approach - did you try that?

Genuninely interested in your experience of Alpine Linux as I’d not considered it on a Pi (only VMs so far…)
⁨Comment⁩ on ⁨What else should I self-host?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
If you’re just looking for something to chew up CPU cycles and don’t know what to host, consider something like BOINC where you’re “self-hosting” (extremely loose term) scientific research, like cancer, new drugs, etc.
⁨Comment⁩ on ⁨Photo management - storing friends' photos⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
If they’re sharing it with me, then sure, I’ll add it to the folder for that party, holiday, event

Immich would scan it and faces are taken care of and if there’s metadata in there, great, if not, dunno if I could be bothered to edit it… maybe date stamp if that was wildly off.
⁨Comment⁩ on ⁨Photo management - storing friends' photos⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
I commented elsewhere here, but E2E encryption is just between the server and the end user (ie a VPN)

You’re thinking about encryption at rest, on the storage.

Immich would have to setup a whole new design to be able to store all the metadata on a per-user basis… but… you could have multiple Immich instances if you were to host it for your friends, but I think we’re drifting into “why bother” now…
⁨Comment⁩ on ⁨Photo management - storing friends' photos⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Well… E2E is still feasible, that’s your VPN for example.

Encryption at rest is where de-dupe, search, etc, can break.
⁨Comment⁩ on ⁨You Should Run a Certificate Transparency Log⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
I guess this is mainly targeted at Universities and organisations that mirror repos?

They’re the kinda place (I presume) that would be able to support this…
⁨Comment⁩ on ⁨Let’s Encrypt Begins Supporting IP Address Certificates⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Is that the same i as the squareroot of -1?
⁨Comment⁩ on ⁨How to combat large amounts of Ai scrapers⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
If you’re able to, use GeoIP ranges to only allow access from the countries you want.

That immediately limits a lot of everything

Then - again if you’re able to - use a block list that covers known scrapers in case they’re in your country.

I use pfBlockerNG on my pfSense firewall for exactly this.
⁨Comment⁩ on ⁨Just a small question.⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Take a backup and go for it.

Personally, I ditched OMV for standard Arch Linux and just added the packages I wanted…