[-] [email protected] 1 points 2 days ago

Wasn't that the strategy with COVID?

Just don't test anyone so the numbers stay low?

[-] [email protected] 1 points 2 days ago

I recently upgraded my lab; it used to be an R710 and a pair of nodes from a C6100. Because that stuff was so old, I managed to cram all the VMs I was running onto a single FC630 node on a shiny, new (to me) Dell FX2s.

I really want to get a transcoding GPU, but passing one through to a VM has historically been infeasible, and now, it's complicated at the very least.... At least for Nvidia GPUs. I've been looking at the Intel discrete GPU lines for the task recently. I'd sure like to grab a Flex 140, but looking at the prices right now, ha, that's not happening anytime soon. With the FX2s I can only install single-slot, half-height cards, so options are limited. Front runners right now are the Nvidia P4 and T4, and the Intel Arc A380, with a modded cooler so it's single slot. My only other option is to find some way to use the existing PCIe interfaces to attach an external GPU, but eGPU enclosures are pretty expensive too and most don't even come with a GPU.

I'm trying to stay away from Thunderbolt, so if I go external, I'll probably look at either OCuLink, or something similar. TB is just way too expensive IMO. I looked into it and the whole setup, a TB PCIe card, TB eGPU enclosure, and a GPU is something like 40-50% more expensive than using a different solution. I'd prefer everything just fits in the server chassis, but then I'm banging my head off of Nvidia or modding Intel Arc cards. None of these are very appealing.

So CPU transcoding for now. I store all my media in 720p AVC/AAC using MP4 as a container, so most streams are direct, and I did that very much on purpose.

[-] [email protected] 4 points 2 days ago

These kinds of split DNS routing issues are something I've struggled with for a while. From my experience, you have basically two options, and depending on your specific situation only one might be viable.

The first option, which may or may not be available to you, entirely relies on what your router can do. Bluntly, if you use the ISP-provided router, you're probably SOL; if not, you have a chance. Higher-end (and/or enterprise-class) routers and firewalls generally have sufficient features, with a few exceptions. The feature you need to use is called hairpin NAT, though it will pretty much never be called that in your NAT settings, so you'll need to Google your router and the term "hairpin NAT" to figure out if it can be done and how to do it. To describe what it is, let's start with basic port forwarding and adapt from there. I think most people know how port forwarding works: a connection to the external (or WAN) connection on a port is forwarded to an internal IP and port. Hairpin NAT is the same but from inside (the LAN port): basically, if a connection from the LAN is destined for the WAN interface IP address, it will forward the connection to an internal (LAN) IP and port. This works alongside regular port forwarding, not instead of it.

If your router/firewall doesn't support hairpin NAT, you're going to be limited to plan B, DNS.

With bifurcated DNS, you're going to have some frustrations if anything changes, so like with all of your port forwards, you'll want to lock down the IP of your target system. With port forwards, it's bothersome to update, but not unreasonable. With DNS, it's really not fun. It's just that much more inconvenient, since besides updating port forwards for external connections, you now need to update DNS too. Not great.

So how do you do this? It's actually not super hard. As far as I know, you can use Pi-hole (which does not require a Raspberry Pi, by the way), or any other DNS server system that tickles your fancy. I use BIND, but the actual DNS software isn't super important; it just needs to support forwarders and custom entries in the config, which I believe both do. Pi-hole or similar options can do DNS-based ad blocking; I'm not a fan of that, but do what you want.

So the next step is to set up DNS internally. Get your DNS software of choice, and either buy a Raspberry Pi to run it (BIND is also compatible with the Pi), or run virtual machines, or stand up an old PC for it. Install whatever OS you feel comfortable running the software on. I always use Linux, but as long as your chosen software runs on the OS, it doesn't matter much. Give the system a static IP and install everything.

Once set up, if you own a domain, you can set an A record for your service (in your case Jellyfin), say "media.domain.com", pointing to your server for that service internally. Update your global DNS to point media.domain.com to your WAN IP.

For me, I use BIND on a Raspberry Pi. To make management easier, I also installed Webmin, which allows management of the BIND configuration on a web interface.

For bonus points, do it all over again and build a second one.

And don't forget to set up forwarders on your internal DNS so they can resolve internet addresses. Pro tip, use the DNS benchmark tool from GRC.com to find the fastest DNS servers for you.

If you want to go crazy, like me, build a third DNS server for all your internal lab stuff on a different domain, like "homelab.local" (it can be anything), and create a stub zone for it on your primary DNS that points to the lab DNS. That way, any "homelab.local" names, like media.homelab.local or something, can be set up once on your dedicated homelab DNS server, and the other two will simply point to it via the stub zone.

I always recommend finding fast DNS servers to use internally, and I always recommend that if you're using internal DNS, you have at least two of them.

Last, but not least, after all of that effort, confirm that your fancy new DNS works (good luck with any troubleshooting you might need to do), and update DHCP to point clients at the internal systems for DNS resolving.

Easy, simple, barely an inconvenience, right?

[-] [email protected] 4 points 2 days ago

I've gotten a lot better about it over the years, but this is good advice for anyone still in the situation.

[-] [email protected] 5 points 2 days ago

I'm in this comment and I don't like it.

Several times I would end up in a situation where I'm talking to someone and they mention something that piques my interest. After that encounter, I would go home and furiously research the topic of interest, becoming, essentially, a "prosumer" overnight in the subject.

The next time I see that person, I'd talk about that subject and I would have so much more knowledge than they do that I'd talk over their head.

Oh well.

[-] [email protected] 4 points 3 days ago

I believe I've seen this movie before.... Anyone remember Ontario Hydro?

[-] [email protected] 2 points 3 days ago

and break a window instead.

Exactly why I don't fret too much on it. I replaced all the locks on the outer doors with a keyed-alike set from someone similar to Kwikset. I think it's a "local" rebrand of the same stuff, complete with the SmartKey/rekeying system. I'm not a fan, but honestly, the doors aren't going to stand up to someone determined to get in, and there's ground floor windows.... So...

I just needed a starting point from someone who knows enough about this stuff that they can point me in the right direction, without having to do a ton of research (which is what I would have to do). If I can start somewhere instead of just googling blindly, that will save me a ton of effort.

The UniFi Access platform uses a small door entry controller that basically just has options for NO/NC relays that flip when the door unlocks. It's supposed to be used with an electric strike, but I don't know of any electric strikes that work with deadbolts, at least, not without remortgaging my house. So I'd rather just set up an electric deadbolt, and rig it with a sensor that will only extend the deadbolt if the door is actually closed (so the deadbolt doesn't extend when the door is wide open).

That system also supports maglocks which I also think is overkill for home use. So I'm a bit torn on it. But that's all just decisions to be made.

The missing piece is how to secure the front door, which basically only has a deadbolt for security; the door knob doesn't have a key. The latch is just to hold the door closed when the lock isn't engaged. Rather than rip out everything, I'm looking to just focus on the lock.

Anyways, that's a lot of backstory that nobody asked for. I appreciate the lead. I'll look into everything that you mentioned. I appreciate it.

[-] [email protected] 2 points 3 days ago

I'm not OP, but I've been trying to figure this out for a while.

I've been looking for something smart integrated as a deadbolt, or some kind of electronic deadbolt that can be wired to a relay to open/close.

Any suggestions on where I should look?

My ultimate goal would be to integrate it into something akin to the UniFi Access platform. I'm not 100% on using that specifically, but something similar. This is for my home; key bypass would be nice (as long as it's not easily pickable).

Security is #1 for me, but I'm hoping to build out something a bit more convenient.

I'm in IT, so the back end should be pretty trivial for me to build and implement.

Thanks

[-] [email protected] 4 points 3 days ago

The tips go to the owner.

[-] [email protected] 3 points 3 days ago

Jeez. I'm tempted to send you my old Dell R710. It'll at least work. The system is pretty bulletproof.

You can generally get something newer with lower power requirements for cheap.... So I won't, but still.

[-] [email protected] 4 points 3 days ago

You only had one? You fool!

[-] [email protected] 20 points 5 days ago

You can do whatever you want. Don't let anyone tell you it's "wrong". A big part of homelabbing is to try stuff. If it doesn't work, that's fine, you learned something, and that was the point.

For me, I don't see a UPS as essential. It's generally a good idea, but not strictly essential. My servers are on 24/7, because I have services that do things overnight for me. I also know that some people access my lab when I'm not awake, so I just leave it on so it can be ready for anything at any time. It poses some unique challenges sometimes when running stuff that's basically 24/7/365.

Be safe, have fun, learn stuff.

MystikIncarnate

joined 1 year ago