Cynyr36

joined 11 months ago
[–] [email protected] 1 points 9 months ago

Dual unbound servers running unbound-adblock in recursive mode with DNSSEC on, with a stubzone for my internal domain (*.lan) pointed at the dnsmasq server that handles dhcp and local DNS.

I wanted dns redundancy so at least "the Internet" would work if I was rebooting something, which the sub zone handles very well.

Dnsmasq is set to no upstreams, and authoritative for the domain. This gives me ddns for clients as well.

I did look into kea for DHCP and nsd for local DNS, but kea wasn't really ready to handle dual stack clients with the ddns updates. It was neat that you can run kea in a proper redundant config. Not sure I'd have been able to get the ddns updates to dual nsd servers working without a hidden primary, leaving me with a single point of failure.

[–] [email protected] 1 points 9 months ago

For future redditors, since I had no clue what this was.

Dockge: A fancy, easy-to-use and reactive self-hosted docker compose.yaml stack-oriented manager.

[–] [email protected] 1 points 10 months ago (2 children)

I'll see if I can find it when I'm not on mobile, but there was a list floating around of low power builds. I think it was from a German forum.

[–] [email protected] 0 points 10 months ago (4 children)

I'd replace basically everything with a pair of n100 based things. They'd be faster, better at transcoding, and use less power. If you want a bit more grunt or ram, an i3 13100.

You have 12 hard drives, so that's about 130watts (10-15w each). Can you consolidate down to 2 or 3 larger capacity drives?

If you are looking for marginal gains, move pihole and home assistant to containers or tiny vms on one of the other systems.

So I guess my recommendation, one of those Chinese n100 firewall boxes, run proxmox, with *sense in a vm and pass through 2 or 3 nics, pihole and HA in containers. Build an i3 13100 based system with 64+gb ddr5, put 2, 3, or 4 large capacity drives along with a pair of ssds for guest storage. Virtualize everything else. My guess is that whole stack would idle at 50w or 60w, and could maybe draw 150w.

You might need more gpu than the igpu in an i3 13100, but an Intel A380 would cover that.

[–] [email protected] 1 points 10 months ago (1 children)

Not the op, but... I wish there was a simple way to centralize users, uids, gids, group membership, and maybe even ssh keys across hosts. Ideally this would be as simple as install package on new host, point at server, wait. I'd settle for managing Windows users and samba separately.

It would also be really cool if there was some easy integration with proxmox LXCs to enable mapping a list(s) of uids/gids into unprivileged containers.

Really long term homedirs, and windows user folders. So my kids and I could just hot desk at any computer in the house. I'd settle for just mounting a drive with their files.

[–] [email protected] 1 points 10 months ago

Whenever there is a proxmox kernel update. Every few years to dust them. If I get new hardware.

[–] [email protected] 1 points 10 months ago

I'm running proxmox + lxc for samba. Works fine. I'd say the decision is do you want a server that moonlights as a nas, or a nas that moonlights as a server.

I have not tried TrueNAS (scale or core), I have data on an existing mdraid setup that I knew I could get working with proxmox.

[–] [email protected] 1 points 10 months ago (1 children)

Correct*, unless you vpn home. Please don't run a publicly accessible dns server. It's going to get used in a dns amplification attack.

*And even then only for devices that use your dns server. Many iot devices have hard coded dns servers to use. And with dns-over-https (DoH) they will get pretty close to unblockable.
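As an added example (not part of the comment above, and not code from unbound or any project mentioned here): a small lint that reads an unbound.conf and reports `access-control` rules that would let non-internal netblocks use the resolver, which is the open-resolver condition that amplification abuse depends on. The two sample configs, the addresses in them, and the function names are constructed for illustration; the check covers `access-control` only, not firewalling or `interface` binding.

```python
import ipaddress

# Netblocks treated as "internal" by this check (RFC 1918, loopback, link-local, ULA).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
# unbound access-control actions that let a client get recursive answers.
ALLOWING = {"allow", "allow_setrd", "allow_snoop"}

def is_internal(net):
    return any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def open_resolver_findings(conf_text):
    """Return (line_no, netblock, action) for every access-control rule that
    permits recursion from a netblock reaching outside the internal ranges."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        key, _, value = line.partition(":")      # first colon ends the key
        parts = value.split()
        if key.strip() != "access-control" or len(parts) != 2:
            continue
        netblock, action = parts
        try:
            net = ipaddress.ip_network(netblock, strict=False)
        except ValueError:
            continue                             # not a netblock, skip
        if action in ALLOWING and not is_internal(net):
            findings.append((line_no, netblock, action))
    return findings

# Constructed sample: resolver answers anyone who can reach it.
WEAK = """\
server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 allow
    access-control: ::0/0 allow
"""
# Constructed sample: refuse by default, allow loopback and the LAN only.
HARDENED = """\
server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow   # constructed LAN range
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, open_resolver_findings(conf))
```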

[–] [email protected] 0 points 10 months ago (3 children)

unbound adblock is what I'm using. Hand it a couple of pihole lists and it fits the same thing without the fancy gui.

[–] [email protected] 1 points 11 months ago

I'm running transmission in daemon mode with the web gui enabled. There is "transmission-remote" on app stores to connect to it from your mobile device. You should be able to continue using it with the *arr stack later as well.
