• 0 Posts
  • 13 Comments
Joined 1 year ago
Cake day: October 17th, 2023

  • Dual unbound servers running unbound-adblock in recursive mode with DNSSEC on, with a stubzone for my internal domain (*.lan) pointed at the dnsmasq server that handles dhcp and local DNS.

    I wanted dns redundancy so at least “the Internet” would work if I was rebooting something, which the stub zone handles very well.

    Dnsmasq is set to no upstreams, and authoritative for the domain. This gives me ddns for clients as well.

    I did look into kea for DHCP and nsd for local DNS, but kea wasn’t really ready to handle dual stack clients with the ddns updates. It was neat that you can run kea in a proper redundant config. Not sure I’d have been able to get the ddns updates to dual nsd servers working without a hidden primary, leaving me with a single point failure.
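    As an added example (not the commenter's own configuration), here is an unbound.conf fragment for the setup described above: a recursive, DNSSEC-validating resolver with a stub zone for the internal `lan.` domain pointed at dnsmasq, and recursion limited to the LAN. The dnsmasq address 192.168.1.2 and the 192.168.1.0/24 range are assumed; the internal zone is unsigned, so it must be exempted from validation or its answers come back bogus.

    ```conf
    # Added example configuration, not the commenter's file.
    # Assumed: dnsmasq (DHCP + local DNS) at 192.168.1.2, LAN is 192.168.1.0/24.
    server:
        interface: 0.0.0.0

        # Answer only the LAN and localhost; everything else is refused,
        # so the resolver is never usable as an open recursor.
        access-control: 127.0.0.0/8 allow
        access-control: 192.168.1.0/24 allow
        access-control: 0.0.0.0/0 refuse

        # Full DNSSEC validation for everything resolved recursively.
        auto-trust-anchor-file: "/var/lib/unbound/root.key"
        harden-dnssec-stripped: yes

        # The internal zone served by dnsmasq is not signed: mark it
        # insecure so the validator does not reject its answers, and
        # allow RFC 1918 addresses in answers for it.
        domain-insecure: "lan."
        private-domain: "lan."

        # Same treatment for the LAN's reverse zone; unbound blocks the
        # RFC 1918 reverse zones by default, so release this one.
        domain-insecure: "1.168.192.in-addr.arpa."
        local-zone: "1.168.192.in-addr.arpa." nodefault

    # Forward lan. (and its reverse zone) to the authoritative dnsmasq.
    stub-zone:
        name: "lan."
        stub-addr: 192.168.1.2

    stub-zone:
        name: "1.168.192.in-addr.arpa."
        stub-addr: 192.168.1.2
    ```

    Running `unbound-checkconf` after editing catches syntax errors before a restart, and the same fragment on both resolvers gives the redundancy the comment describes.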

  • I’d replace basically everything with a pair of n100 based things. They’d be faster, better at transcoding, and use less power. If you want a bit more grunt or RAM, an i3 13100.

    You have 12 hard drives, so that’s about 130 watts (10-15 W each). Can you consolidate down to 2 or 3 larger capacity drives?

    If you are looking for marginal gains, move pihole and home assistant to containers or tiny vms on one of the other systems.

    So I guess my recommendation: one of those Chinese n100 firewall boxes, run proxmox, with *sense in a VM and pass through 2 or 3 NICs, pihole and HA in containers. Build an i3 13100 based system with 64+ GB DDR5, put 2, 3, or 4 large capacity drives along with a pair of SSDs for guest storage. Virtualize everything else. My guess is that whole stack would idle at 50 W or 60 W, and could maybe draw 150 W.

    You might need more GPU than the iGPU in an i3 13100, but an Intel A380 would cover that.


  • Not the op, but… I wish there was a simple way to centralize users, uids, gids, group membership, and maybe even ssh keys across hosts. Ideally this would be as simple as install package on new host, point at server, wait. I’d settle for managing Windows users and samba separately.

    It would also be really cool if there was some easy integration with proxmox LXCs to enable mapping a list(s) of uids/gids into unprivileged containers.

    Really long term, homedirs and Windows user folders. So my kids and I could just hot desk at any computer in the house. I’d settle for just mounting a drive with their files.


  • Correct*, unless you vpn home. Please don’t run a publicly accessible dns server. It’s going to get used in a dns amplification attack.

    *And even then only for devices that use your dns server. Many IoT devices have hard-coded dns servers to use. And with dns-over-https (DoH) they will get pretty close to unblockable.

    1. Like everyone else, raid is not a backup.

    2. Don’t use hardware raid, use some sort of software defined thing, like zfs or btrfs.

    3. The last suggestion I saw for zfs that seemed credible was to use mirrored pairs of disks.

    So basically, buy a second 12 TB drive, slap both in some sort of old desktop, set up TrueNAS, and sort out a backup strategy.