TheHolm

TheHolm , 19 days ago

Stay with TP-Link. Ubiquity done some strange things recently.

TheHolm , 19 days ago

I do not see why it will cause any problems with exception of stacking mapping layer. I wonder can LVM do it natively without adding intermediate block device of 2 x 2G?

TheHolm , 27 days ago

Why create yourself a headache and still get substandard and no-warranty drive. If you want cheaper drives go for reconditioned/refurbished/used drives. Same risks, better product. Old enterprise SAS drives are cheap and many still have plenty of heath in them.

TheHolm , 19 days ago

Many sells, some just wipe them, some just contains encrypted data. If you happy with just used drive eBay is full of surprises.

TheHolm , 27 days ago

Some diagram would help. Are you trying to use your server as a switch?

TheHolm , 1 month ago

Do you plan to compress video ( which generally already compressed format) when saving to remote location? I do not see use case for it, as you ether use lossless compression and not compressing it in any meaningful way, or just re-encode to different format and loose quality. Second option is simpler to achieve by re-encoding before sending out.

TheHolm , 1 month ago

Yes, it will. Will it make any difference for you, depends of what are you doing. I would not use surveillance drive in to server, they are way too specific. Outside of that prices is pretty much same per TB/(Warranty Year) accross the board.

I done some excessive research couple of years back on the topic. you can find it here blog.holms.place/…/hdd-storage-cost-comparation-m…. I do not think situation have changed match since than. Price per TB/Year is nearly constant past 8GB size.

Also consider looking to re-certified drives, or even refurbished drives. you may save hips on them. But it depends on how much you value your data, how much redundancy in you storage pool and how good your backup strategy.

TheHolm , 1 month ago

Syncthing sync files, it is all does.

TheHolm , 1 month ago

Usually just plug/unplug couple of times is enough. No fancy chemicals.

TheHolm , 1 month ago

Look to other orchestrations solution too, like SALT. If you need to manage a lot of servers it is live saver. Setting up is only first step.

TheHolm , 1 month ago

Run long smart test on the disk and check smart data after that. Other possibility is ZFS pool is nearly full.

TheHolm , 2 months ago

Depends what are you doing. Something like keep base os patched is pretty much nil efforts. Some apps more problematic than others. Home Assistant is always a pain to upgrade and something like postfix is requires nearly 0 maintenance.

TheHolm , 2 months ago

circular dependency seems to be the case. I guess adding second external resolver to /etc/resolve.conf will help. Second entry will not be used unless first one ( pi-hole) is responding. But it need to be tested.
BTW, why do you want to send host’s DNS via pihole?

TheHolm , 2 months ago (edited 2 months ago)

what exactly do you mena under subdomains? Any DNS provider will support adding NS entries for subdomains if you want to host you sub-zone somwhere, And any should allow you to use names with “.” in it for “fake” subzone, like
a.subzone1 IN A x.x.x.x
a.subzone2 IN A y.y.y.y

TheHolm , 2 months ago

Try VyOS. I run it on APU2 myself. No GUI no convolution.

TheHolm , 2 months ago

Open source projects need to make money somehow. I found VyOS method quite acceptable. They giving good instruction and tools to build your own stable ISO. So do not be lazy or contribute somehow. Unfortunately their paid support costs too much. I was considering trying to push VyOS to be used as virtual router at my work, but it costs more than Cisco C8000v

TheHolm , 2 months ago

nope, it is very deeply customized debian. Need to be installed from scratch.

TheHolm , 3 months ago

Very strange line from specs.
USB Driver Windows XP/7/8/10/11, Linux (driver free on Raspberry Pi Raspbian system)
Does it mean binary blob driver only? and you need to pay for it to use it on PC?

TheHolm , 3 months ago

using wildcards is really bad security practice. and at age of ACME absolutely unnecessary.

TheHolm , 3 months ago

If you still use HTTP for cert verification on ACME, you are doing it wrong. Use DNS-01 only, there is no need to allow any inbound traffic to your servers. and HTTP will not give you wildcard anyway.

TheHolm , 4 months ago

Stable is not “pay only” . Just build it yourself, all tools are available. it will take 30 minutes of your time if you have docker environment ready.

TheHolm , 4 months ago

VyOS: Debian based router + firewall. Linux makes it easier for people to pick up the CLI but I’ve heard complaints about it being difficult to follow. Currently CLI only, at least without third-party solutions, but is powerful and competes directly with OPNsense for features for the most part. Seems to be just as stable. my mistake, FOSS version is not LTS but a rolling release and needs to be compiled.

Very misleading statement. Both rolling and LTS are FOSS, they just do not provide LTS binaries for free. Want LTS? build it yourself , all tools and guides(bit outdated) is out there. It will took 30 min you your time to setup.

TheHolm , 4 months ago

Sorry, what do yo want to know? IT just a linux based router pretended to be a juniper FW. NAT/IPv6/PPPoE/VRFs are working as expected.

TheHolm , 4 months ago

No HA. Classic HA is evil, shared control plane is good way to loose both FWs. Need redundancy use 2 independent FW + routing protocols. Losing session states during fail-over is not a big problem these days. I did in-place upgrades, but I’m running LTS and not yet done any major version upgrades. So far no problems.

TheHolm , 4 months ago

Nothing can beat bhyve for PFSence.

TheHolm , 4 months ago

All of them not equate in same league. Do you know any type 1 free supervises out there? Xen probably.

TheHolm , 4 months ago

Are you running it natively as “jail” ?

TheHolm , 4 months ago

Do not try to host outbound mail on residential IP blocks, delivery will be really bad. Cheap VPS is same story. You best bet is VPS from some not well know provider, they may be avoid to be in blacklist in M$ and Google. Inbound mail is fine anywhere as so long as you can have port 25 open. DDNS works too.

TheHolm , 4 months ago

I do not understand why everyone calling hosting email difficult? IT is like 5 RFC you need to read and implement. Sofware wise you will need mail agent, something for DKIM ( if it not build in in agent), “local delivery agent” ( probably presenting it as IMAP) + mail reader of your choice. Nothing too complex

TheHolm , 4 months ago

Can you promise a near 100% uptime? Otherwise, some email might not reach you. Just lol. Mail get queued just fine by everyone. If you really concern , setup second MX.

TheHolm , 5 months ago

Just weight your risks. Old drives can fail early, and enterprise drives consume more power. Old drives probably not for mirrors or RAID5. RAID6 and spare HDD on shelf may save your data one day. It is a lottery.

TheHolm , 5 months ago

Specks lookg good, Intel NIC, semi decent CPU. I would say it is even overspec for a router.

TheHolm OP , 6 months ago

Thank you. Intel now offer ECC on top processors like i7 and i9. It is a news development. Now biggest problem is to find motherboard supporting ECC.

TheHolm OP , 6 months ago

It is an option. But used from Ali? I’m not sure that I would trust them with my data.

TheHolm , 6 months ago

could you please elaborate? what is SFF hardware?

TheHolm , 6 months ago

Try other container technologies lie LXC or go right side and play with FreeBSD jails. Quality of dockers you can find around is horrendous, giving that Docker itself build for convenience not security. It is not something I will trust.

TheHolm , 7 months ago

HIkvision is great. Good value for money. Just do not use the app to configure them, use web gui. And yes, they need to be isolated from rest of network and the internet ( as pretty much any cameras).

TheHolm , 7 months ago

Just get VPS and use it to bounce traffic between nodes.

TheHolm , 8 months ago

But it usably getting dry over time and you can’t remove it cleanly.

TheHolm , 8 months ago

Blu Tac?

TheHolm , 8 months ago

Is it tame for selfhosted to switch to DANE?

TheHolm , 8 months ago

Symphonium is another good mobile client.

TheHolm , 8 months ago

you can always add Makefile to traverse directories.

TheHolm , 8 months ago

Do not access volumes directly on filesystem. path may change. If you need access data on a volume just spawn temporary container an mount that volume.

TheHolm , 8 months ago

Damn, I’m doing *nixes for nearly 30 years. But never went to that level of minimalism. Nice trick.