tvcvt
@tvcvt@lemmy.ml
- Comment on Run a NAS OS on an old Compaq laptop? 4 days ago:
Sure. For full disclosure, I also run separate compute and storage. I do think separating storage from a compute cluster can be a good option, but not necessarily for the use case described in the original question.
- Comment on Run a NAS OS on an old Compaq laptop? 4 days ago:
I’d recommend against separating storage and compute in most small environments. Separating them means you suddenly have higher latency and less bandwidth between your data and whatever you want to do with it. Sure, there are good reasons to do it (centralizing storage for multiple nodes, for example), but go into it with your eyes open to the trade-offs.
- Comment on E-Mail with own domain 1 week ago:
Excellent advice on Lucas’s book!
Another email provider that I’ve used for years and have had good experiences with is Zoho.
- Comment on Tips for moving from TrueNAS to Debian for a NAS? 2 weeks ago:
Here’s one more opinion for you.
Running a NAS on Debian is a great idea if you don’t mind being responsible for all of the details that TrueNAS abstracts away. One thing I’d consider in your shoes is to use Proxmox VE rather than vanilla Debian. I say this because PVE uses a kernel with ZFS built in, so there’s no fiddling with DKMS to get it to work; it just treats it as a first-class file system (including on root). Having said that, either is a perfectly good choice.
If you want a UI, I’d heartily recommend Cockpit, which is included in the repos (just `apt install cockpit`). If you go the PVE way, you’ve got a couple options. You could either virtualize your existing TrueNAS, passing through the disks or (and this is my preference) let the host handle all the ZFS stuff and create an LXC container that just deals with filesharing. You’d bindmount a directory from the host that could be shared out via SMB and this is where I’d use Cockpit to manage the shares. The PVE route makes adding VMs and containers pretty quick. I haven’t run into any issues passing through a GPU to either a VM or LXC, which can then be used inside a docker container.
In answer to the common pitfalls question, I think the biggest thing I see is that it’s important to document exactly what TrueNAS is doing for you. Did you encrypt the ZFS pool? Make sure you have the keys to unlock it and arrange for your next OS to do so gracefully. Are you managing snapshots and replication in TrueNAS? Document and adapt that. Something like sanoid/syncoid can manage this on a Debian system. How about monitoring? Don’t forget to set up notifications for disk failures. Any other services you’re using? NFS, iSCSI, cronjobs? Take careful notes of everything because that’s the stuff that’ll be easy to miss if you jump straight to overwriting your old boot disk.
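As an added example (not the commenter's script), here is a pre-migration check for the "did you encrypt the pool, and do you have the keys" question above. It reads the tab-separated output of `zfs get -H -o name,property,value -r encryption,keylocation,keyformat tank` and flags every encryption root whose key the new OS will have to supply, distinguishing passphrase prompts from key files that must be copied off the old system. The sample `zfs get` output embedded below is constructed, and the pool and dataset names are assumptions.

```shell
#!/bin/sh
# Pre-migration audit of ZFS native encryption (added example, not the
# poster's script). Feed it the output of:
#   zfs get -H -o name,property,value -r encryption,keylocation,keyformat tank
# Dataset names containing spaces are not handled (awk splits on whitespace,
# which also accepts the real tab-separated output).

# Constructed sample of that output; pool/dataset names are assumptions.
SAMPLE_ZFS_GET='tank encryption off
tank keylocation none
tank keyformat none
tank/secure encryption aes-256-gcm
tank/secure keylocation prompt
tank/secure keyformat passphrase
tank/secure/docs encryption aes-256-gcm
tank/secure/docs keylocation none
tank/secure/docs keyformat passphrase
tank/backups encryption aes-256-gcm
tank/backups keylocation file:///root/tank-backups.key
tank/backups keyformat raw'

# One line per dataset: OK or ACTION, dataset, reason. Only encryption roots
# (keylocation != none) carry a key of their own; children inherit it.
audit_zfs_keys() {
    awk '
    { v[$1, $2] = $3; seen[$1] = 1 }
    END {
        n = 0
        for (ds in seen) names[++n] = ds
        for (i = 2; i <= n; i++) {          # insertion sort for stable output
            x = names[i]; j = i - 1
            while (j > 0 && names[j] > x) { names[j + 1] = names[j]; j-- }
            names[j + 1] = x
        }
        for (i = 1; i <= n; i++) {
            ds = names[i]
            enc = v[ds, "encryption"]; loc = v[ds, "keylocation"]; fmt = v[ds, "keyformat"]
            if (enc == "" || enc == "off")
                printf "OK\t%s\tunencrypted\n", ds
            else if (loc == "none")
                printf "OK\t%s\tinherits key from its encryption root (%s)\n", ds, enc
            else if (loc == "prompt")
                printf "ACTION\t%s\t%s %s key is entered interactively; the new OS must run zfs load-key before mounting\n", ds, enc, fmt
            else
                printf "ACTION\t%s\t%s key file at %s; copy it off this system before wiping the boot disk\n", ds, enc, loc
        }
    }'
}

# Exit status only, so a migration checklist script can gate on it.
zfs_keys_ready() { ! audit_zfs_keys | grep -q '^ACTION'; }

printf '%s\n' "$SAMPLE_ZFS_GET" | audit_zfs_keys
```

Run it against a real pool with `zfs get -H -o name,property,value -r encryption,keylocation,keyformat tank | sh -c '. ./audit.sh; audit_zfs_keys'` (or paste the functions into your checklist script). A `prompt` root means whoever reboots the new box has to be there to type the passphrase unless you script `zfs load-key`; a `file://` root means the key lives on the very boot disk you are about to overwrite.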
- Comment on Reverse Proxy: a single point of failure in my lab 4 weeks ago:
The way I handle this is to have two VMs running in separate hosts, each running my reverse proxy along with keepalived. I resolve my subdomains to the keepalived shared address and then keep the reverse proxy config in git with a cron job to pull updates.
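The two-VM layout described above, as an added example that is not the commenter's own config: a script that prints the keepalived configuration for either node and checks the number people most often get wrong, the health-check weight. Without a `vrrp_script` that tracks the proxy itself, keepalived only fails over when the whole VM dies, not when the proxy process does. Everything concrete here is assumed: nginx on port 80 answering `/healthz`, hosts 192.0.2.11 and 192.0.2.12, VIP 192.0.2.10/24 on eth0, VRID 51, and `/etc/nginx` as a git checkout.

```shell
#!/bin/sh
# keepalived for two reverse-proxy VMs sharing one VIP (added example, not
# the poster's config). Assumed addresses, interface and VRID below.
VIP=192.0.2.10/24
IFACE=eth0
VRID=51
CHECK_WEIGHT=60     # how far a failed proxy health check lowers this node
MASTER_PRIO=150
BACKUP_PRIO=100

# 0 when a failed health check on the MASTER actually hands the VIP over:
# master_priority - weight must drop below backup_priority. If it does not,
# the proxy is dead but the VIP never moves.
failover_math_ok() {  # $1 master priority, $2 backup priority, $3 weight
    [ $(( $1 - $3 )) -lt "$2" ]
}

render_keepalived_conf() {  # $1 MASTER|BACKUP  $2 priority  $3 own IP  $4 peer IP
    cat <<EOF
global_defs {
    enable_script_security
    script_user nobody
}

vrrp_script chk_proxy {
    script "/usr/bin/curl -fsS -o /dev/null http://127.0.0.1/healthz"
    interval 2
    timeout 2
    fall 2
    rise 2
    weight -$CHECK_WEIGHT
}

vrrp_instance VI_PROXY {
    state $1
    interface $IFACE
    virtual_router_id $VRID
    priority $2
    advert_int 1
    unicast_src_ip $3
    unicast_peer {
        $4
    }
    virtual_ipaddress {
        $VIP dev $IFACE
    }
    track_script {
        chk_proxy
    }
}
EOF
}

# Config drift is handled out of band: each VM pulls the proxy config from
# git and reloads only when the new config parses. /etc/cron.d format
# (includes the user field); printed for copy/paste, not installed.
proxy_cron_line() {
    echo '*/5 * * * * root cd /etc/nginx && git pull -q --ff-only && nginx -t -q && systemctl reload nginx'
}

failover_math_ok "$MASTER_PRIO" "$BACKUP_PRIO" "$CHECK_WEIGHT" || {
    echo "weight $CHECK_WEIGHT cannot demote the master below the backup" >&2; exit 1; }

case "${1:-}" in
    node1) render_keepalived_conf MASTER "$MASTER_PRIO" 192.0.2.11 192.0.2.12 ;;
    node2) render_keepalived_conf BACKUP "$BACKUP_PRIO" 192.0.2.12 192.0.2.11 ;;
    cron)  proxy_cron_line ;;
esac
```

Usage: `sh keepalived-gen.sh node1 > /etc/keepalived/keepalived.conf` on the first VM, `node2` on the second. Two caveats worth knowing: VRRP has no meaningful authentication, so restrict IP protocol 112 on each VM's firewall to the peer address (unicast mode, as above, keeps advertisements off the multicast group as well); and because the health check runs as `nobody`, the proxy's health endpoint must be reachable without credentials from localhost.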
- Comment on moved from truenas core to scale a month or two ago, and it's been a struggle. anyone else having issues running a truenas scale VM under proxmox? 1 month ago:
If I remember correctly, that was largely in consideration of the large corpus of docker-packaged projects that could be used as a pre-built app ecosystem. That makes a lot of sense for anyone who really wants an appliance-like all-in-one system with minimal setup.
- Comment on moved from truenas core to scale a month or two ago, and it's been a struggle. anyone else having issues running a truenas scale VM under proxmox? 1 month ago:
That’s certainly true in terms of TrueNAS Core, but FreeBSD itself is quite active (15.0-RELEASE dropped this month), as are the other BSDs.
- Comment on moved from truenas core to scale a month or two ago, and it's been a struggle. anyone else having issues running a truenas scale VM under proxmox? 1 month ago:
I’m not sure what it is, but Scale has never thrilled me. I’ve tested it a couple times and I just didn’t get along well with it. I know Jim Salter (practicalzfs.com) has frequently recommended XigmaNAS as a strong (albeit less pretty) alternative to TrueNAS. I did some tests with that as well and it seemed perfectly fine. In the end I decided that when I migrate off of Core this winter, it’ll be to a bare metal FreeBSD system. I’m using it as an excuse to better learn that ecosystem and to bone up on ansible, which I’m using to define all of my settings.
- Comment on Where can I learn about networking? 1 month ago:
There’s lots of good stuff on YouTube, including from David Bombal and Jeremy Cioara. If you’re more of a listening-while driving person, years ago the Security Now podcast did a “how the internet works” series that gives a terrific overview of the TCP/IP stack (it’s from 2006, but it’s still very applicable). And if you like to read, Michael Lucas just released a “Networking for Sysadmins” book, which is excellent.
- Comment on Proxmox Backup Server: Bare Metal vs. Privileged LXC vs. VM? 2 months ago:
Sure thing—`autofs` is a pretty cool utility and it works with SMB as well. If the storage isn’t present for PBS, the backup would fail. There are files inside the directory that PBS will notice are missing.
Mounting the NFS export in the PVE host is the simplest way to get shared storage into an LXC container. You have to fight `apparmor` to mount NFS or SMB inside the container directly.
- Comment on Proxmox Backup Server: Bare Metal vs. Privileged LXC vs. VM? 2 months ago:
No, I used an unprivileged container and I set the permissions on the NFS server to accommodate that.
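The autofs-on-the-host, bind-mount-into-an-unprivileged-container arrangement described in the Proxmox Backup Server comments on this page, as an added example that is not the commenter's own files. It prints the autofs map entries and the `pct` mount-point command, and it works out the uid detail that makes "set the permissions on the NFS server to accommodate that" concrete: an unprivileged container's uid U appears on the host (and therefore on the NFS server) as `subuid start + U`. All names are assumptions: NAS `nas.example.lan` exporting `/export/pbs`, autofs base `/mnt/auto`, container 101, datastore at `/mnt/datastore` inside the container, and the default `/etc/subuid` line `root:100000:65536`.

```shell
#!/bin/sh
# NFS export mounted on the PVE host via autofs and bind-mounted into an
# unprivileged PBS container (added example, not the poster's files).
NAS=nas.example.lan        # assumed
EXPORT=/export/pbs         # assumed
AUTOFS_BASE=/mnt/auto      # assumed
MAP_KEY=pbs                # assumed: mount appears at $AUTOFS_BASE/$MAP_KEY
CTID=101                   # assumed container id

# /etc/auto.master gets one line pointing at the map. The map mounts on first
# access and unmounts after the timeout, so a NAS that went away is simply
# remounted on the next access instead of leaving a stale mount behind.
render_auto_master_line() { echo "$AUTOFS_BASE /etc/auto.nfs --timeout=60"; }
render_auto_nfs_map()     { echo "$MAP_KEY -fstype=nfs4,rw,noatime $NAS:$EXPORT"; }

# Bind the host path into the container; autofs mounts it on demand.
render_pct_mountpoint()   { echo "pct set $CTID -mp0 $AUTOFS_BASE/$MAP_KEY,mp=/mnt/datastore"; }

# Unprivileged containers shift uids: container uid U is host uid start+U,
# with start/count taken from /etc/subuid. PBS runs as "backup" (uid 34 on
# Debian), so the NFS server has to grant uid 100034, not uid 34.
# Returns 1 if the uid is outside the mapped range.
lxc_host_uid() {  # $1 container uid, $2 optional subuid line
    local ctuid=$1 line=${2:-root:100000:65536} rest start count
    rest=${line#*:}; start=${rest%%:*}; count=${rest#*:}
    [ "$ctuid" -lt "$count" ] || return 1
    echo $(( start + ctuid ))
}

if [ "${1:-}" = show ]; then
    render_auto_master_line
    render_auto_nfs_map
    render_pct_mountpoint
    echo "chown the export on the NAS to uid $(lxc_host_uid 34) (container uid 34 = backup)"
fi
```

Run with `show` to print the pieces. On the NAS side that means the export directory is owned by uid 100034 (or the server maps it with `anonuid`/`all_squash` to something the container can write), and on the host the `/etc/subuid` line you actually have, not the default, is what the uid math must use.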
- Comment on Technitium DNS v14 is released with support for clustering 2 months ago:
I use it like I might use unbound or dnsmasq, but I’d think of it more like bind. It can be used as a recursive or authoritative resolver. It supports all kinds of protocols (DOT, DOH, DNSSEC, etc). Handles zone transfers easily. It’s pretty slick. Definitely worth a look.
- Comment on Proxmox Backup Server: Bare Metal vs. Privileged LXC vs. VM? 2 months ago:
If you’d like some separation, one option is to create a VM on TrueNAS for PBS that connects to an NFS export where all the data would be stored.
What I did in this scenario is an LXC container running PBS, which uses a bindmount for storage. That bindmount is populated via an NFS export from my NAS, mounted on the PVE host using `autofs` so that if it disconnects, it will reconnect as soon as it can.
- Comment on Technitium DNS v14 is released with support for clustering 2 months ago:
Technitium is a recursive DNS resolver with a nice web UI. If you’re familiar with PiHole or AdGuard Home, you can think of it in that genre, but much more full-featured.
- Comment on self hosted calendar + events management and booking platform which has embaddable widgets for websites? 2 months ago:
If you haven’t already, check out the Awesome Open Source page’s Booking and Scheduling section.
- Comment on Immich camera lens info 2 months ago:
That metadata is written into the photo by the camera, so Immich may not be able to accommodate this easily. Not sure about Canon specifically, but my Nikon cameras have a memory bank for manual focus lenses. Might be worth checking through your menus.
- Comment on Why do I need a domain to access my Funkwhale library but not SyncThing? 2 months ago:
The two pieces of software have very different topologies.
In very broad strokes: Something like FunkWhale uses a server-client model. To get to it, you connect to it remotely and you need some way to get there. By contrast Syncthing behaves as a mesh of nodes. Each node connects directly to the other nodes and the syncthing project folks host relays that help introduce the nodes to one another and penetrate NAT.
No, you may not need a paid domain to use your self-hosted FunkWhale server (I haven’t dabbled with that service in particular). There are a few options.
- You could probably use the direct public IP address or alternatively
- Use a dynamic DNS provider (like afraid.org) to resolve your IP address
- Use a VPN on all of your clients and use local DNS to resolve your FunkWhale server’s local IP address.
These all assume that you have a public IP address on your router and not one that’s being NAT-ed by your ISP.
Again, these are very broad strokes, but hopefully it helps point you in a direction for some research.
- Comment on What's the real danger of opening ports? 3 months ago:
There’s definitely nothing magic about ports 443 and 80. The risk is always that the underlying service will provide a vulnerability through which attackers could find a way. Any port presents an opportunity for attack; the security of the service is what makes it safe or not.
I’d argue that long tested services like `ssh`, absent misconfiguration, are at least as safe as most reverse proxies. That doesn’t mean to say that people won’t try to break in via port 22. They sure will—they try on web ports too.
- Comment on [Question] Visual feedback of my Linux homelab setup/system? 3 months ago:
I’m not sure if this is what you’re after, but it sounded to me that you were describing monitoring. Might be worth your checking out librenms or zabbix or checkmk. Those would give you a good overview of the health of your stuff and keep track of what’s where.
- Comment on Proxmox Rclone Mounts in LXC 4 months ago:
I’m not familiar with Zurg, but the WebDAV connection makes me recall: doesn’t LXC require that the FUSE kernel module be loaded in order to use WebDAV?
I’ve also seen it recommended that WebDAV be setup on the host and then the mount points bind mounted into the container. Not sure if any of that helps, but maybe it’ll lead you somewhere.
- Comment on What I host myself 4 months ago:
That’s a great tip. I’d completely forgotten you can use telnet for that. Thanks!
- Comment on What I host myself 4 months ago:
Thanks for the response. I really should just dive in, but I’ve got this nagging fear that I’m going to forget about some DNS record that will bork my entire mail service. It’s good to hear about some working instances that people are happy with.
- Comment on Getting Started with Proxmox 4 months ago:
Tainted in that the kernel and ZFS have different licenses. Not a functional impairment. I have no way to check a system not using ZFS. For my use case, Debian plus ZFS are PVE’s principal features.
- Comment on What is the current state of Matrix? 4 months ago:
I have a Synapse server running in docker on a VPS and it’s been pretty reliable. At my office I use it as sort of a self-hosted Slack replacement. For our use case, I don’t have federation enabled, so no experience on that front. It’s a small office and everyone here uses either Element or FuzzyChat on desktop and mobile. I’ve got SSO set up with Authentik and that’s worked very well. Happy to share some configs if that would be useful.
- Comment on What I host myself 4 months ago:
Have you by any chance documented your PMG set up? I’m also a very happy Mailcow user and spinning up PMG is something I’ve been meaning to tackle for years so I can implement archiving with mailpiler, but I’ve never really wrapped my head around how everything fits together.
- Comment on Getting Started with Proxmox 4 months ago:
Ceph isn’t installed by default (at least it hasn’t been any time I’ve set up PVE) and there’s no need to use ZFS if you don’t want to. It’s available, but you can go right ahead and install the system on LVM instead.
- Comment on Fresh Proxmox install w/ full disk encryption—so install Debian first, then Proxmox on top? 7 months ago:
I think you can do the same with LUKS (cyberciti.biz/…/cryptsetup-add-enable-luks-disk-e…) if that’s your preferred route.
- Comment on Fresh Proxmox install w/ full disk encryption—so install Debian first, then Proxmox on top? 7 months ago:
Another idea for you: if you use ZFS for the install, check Debian directions on OpenZFS or zfsbootmenu and you’ll get directions for an encrypted installation. You’ll be able to specify the path to a key file, which you can keep on a thumb drive. When the machine boots up, it’ll see the thumb drive and decrypt the zpool automatically; yank the thumb drive and it won’t (backup the key of course).
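The thumb-drive key idea above, as an added example that is not the commenter's setup: a script that generates a key file of the exact size ZFS expects for `keyformat=raw` (32 bytes), refuses to accept one that is the wrong size or readable by other users, and prints the `zfs` commands that would tie a dataset to it. The `zfs` commands are printed rather than executed so the script is safe to run anywhere; the mount point `/media/zfskey`, the key path and the dataset name `tank/secure` are assumptions. This covers a data pool; an encrypted root pool is handled by the installer or zfsbootmenu as the comment says.

```shell
#!/bin/sh
# Key file on removable media for an encrypted ZFS data pool (added example,
# not the poster's setup). Paths and dataset name below are assumptions.
KEY_MOUNT=/media/zfskey          # where the thumb drive is mounted
KEY_FILE=$KEY_MOUNT/tank.key
DATASET=tank/secure

# keyformat=raw needs exactly 32 bytes of key material; create it so only
# the owner can read it (umask applies to the redirect inside the subshell).
make_zfs_keyfile() {
    ( umask 077 && head -c 32 /dev/urandom > "$1" )
}

file_mode() {  # octal permission bits: GNU stat first, BSD stat as fallback
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# 0 if the key file is usable and private, 1 otherwise, with the reason.
check_zfs_keyfile() {
    local f=$1 size mode
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    size=$(( $(wc -c < "$f") ))
    [ "$size" -eq 32 ] || { echo "bad size $size (raw keys are 32 bytes)"; return 1; }
    mode=$(file_mode "$f")
    case $mode in
        400|600) ;;
        *) echo "mode $mode too permissive (want 0400 or 0600)"; return 1 ;;
    esac
    return 0
}

# The commands that bind the dataset to the key file and unlock it at boot.
# zfs load-key -a reports datasets whose key file is not reachable (thumb
# drive absent) and zfs mount -a leaves those unmounted, which is the point.
zfs_keyfile_commands() {
    cat <<EOF
zfs create -o encryption=aes-256-gcm -o keyformat=raw -o keylocation=file://$KEY_FILE $DATASET
# at boot, once $KEY_MOUNT is mounted (order the mount unit before key loading):
zfs load-key -a; zfs mount -a
EOF
}

demo() {
    tmp=$(mktemp)
    make_zfs_keyfile "$tmp"
    check_zfs_keyfile "$tmp" && echo "key file OK: $tmp"
    rm -f "$tmp"
    zfs_keyfile_commands
}

if [ "${1:-}" = demo ]; then demo; fi
```

Two things to keep in mind with this pattern: the thumb drive now is the key, so it needs the same backup (in a different place) that the comment mentions, and it needs a physical access story, because anyone who walks off with the drive plugged into a powered-off box has the pool's key. The boot-time ordering is the part to verify on your own distribution; the key file's filesystem must be mounted before `zfs load-key` runs, and how that is sequenced is an assumption here rather than something the page states.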
- Comment on First file server 8 months ago:
The answers for this will vary widely, but the thing I think many people overlook when planning out expenses is a plan to back up the data. Having the file server is great, but start planning now for what to do when it breaks. Where will backup copies of your data live and how will you restore it?
As to the server itself, the hardware completely depends on your desires. Some like second hand enterprise gear; others prefer purpose-made home NAS devices or a DIY rig. On the software side my thought is keep it simple if you’re starting up. There are good readymade options (TrueNAS, XigmaNAS, openmediavault, unraid, etc). They’re all great and they help you get up and running quickly. They also have a lot of tempting knobs to turn that can cause unexpected problems if you don’t fully understand them.
To my mind file servers have to be reliable above all else, so I’d avoid running anything besides file sharing on your server until it’s running like a top and then only add more layers one at a time.
Sorry for all the philosophy, but I really do think this is a common stumbling block for people getting started.
- Comment on If Nothing is Exposed, Am I Safe? 9 months ago:
You ever see those Wired videos where they talk about a concept on five different levels ranging from beginner to expert?
The first level answer is likely that, yes, you’re reasonably secure in your current setup. That’s true, but it’s also really simplified and it skips a lot of important considerations. (For example, “secure against what?”) One of the first big realizations that hit me after I’d been running servers for a little while and trying to chase security is the idea of a threat model. What protects me from a script kiddie trying to break into one of my web servers won’t do much for me against a phishing attack.
The more you do this, though, the more I think you’ll realize that security is more of a process than an actual state you can attain.
I think it sounds like you’re doing a good job moving cautiously and picking up things at each step. If the next step is remote access, you’ve got a pretty good situation for a mesh VPN like Tailscale or Netbird or ZeroTier. They’ll help you deal with the CGNAT and each one gives you a decent growth path where you can start out with a free tier and if you need it in the future, either buy into the product or self host it.