homelab
-
Updates vs. version pinning in Docker-based homelab
I'm running a Docker-based homelab that I manage primarily via Portainer, and I'm struggling with how to handle container updates. At first, I had all containers pulling latest, but I thought maybe this was a bad idea as I could end up updating a container without intending to. So, I circled back and pinned every container image in my docker-compose files.
Then I started looking into how to handle updates. I've heard of Watchtower, but I noticed the Linuxserver.io images all recommend not running Watchtower and instead using Diun. In looking into it, I learned it will notify you of updates based on the tag you're tracking for the container, meaning it will never do anything for my containers pinned to a specific version. This made me think maybe I've taken the wrong approach.
What is the best practice here? I want to generally try to keep things up to date, but I don't want to accidentally break things. My biggest fear about tracking latest is that I make some other change in a docker-compose and update the stack which pulls latest for all the containers in that stack and breaks some of them with unintended updates. Is this a valid concern, and if so, how can I overcome it?
-
Seeking help for a silly FAX project
Hi Everyone
I will try and keep it short. My friend and I both do our own homelabs, the usual stuff: Radarr, Pi-hole, TrueNAS, Proxmox, etc.
Now we want to do a bit of a silly thing, as the title says. With regard to faxing, we just want to be able to send faxes to each other (memes, guides, etc.). We both have a Cisco SPA2102 VoIP, which to our understanding should do the trick.
I have tried to find stuff on the internet to see if I could find a guide or some idea on how to do this in a modern internet method, but without luck, so I was hoping to either get a bit of help or a straight answer saying "Just use email man".
-
How do I set up my own Private DNS?
Hosting your own PrivateDNS for Android?
How do you run your own DNS for privateDNS for Android?
I am currently using OPNsense with unbound for my DNS. My wireguard vpn is also on OPNsense.
I have LSIO Swag for my reverse proxy with Let's Encrypt and CloudFlare for my SSL and DNS.
Docker compose for my containers.
Can Pi-Hole, AdGuard Home, Technitium be used as an entry for PrivateDNS on Android?
-
What do you use for DNS in your Homelab?
Hey there, I'm looking into setting up a DNS server in my homelab. I would like something like this:
- Server in Docker on my Proxmox Server
- Server in Docker on my NAS and
- Server in my "Cloud" Network
Do you guys have any recommendations on how I could accomplish this? Otherwise I will just use PiHole with sync again or something like it :)
-
When adding disks to a Synology SHR volume, is the data re-laid out?
Anyone an expert in Synology here?
Synology's Hybrid Raid (SHR) is a funky little system, especially since it's built on standard Linux tools.
What I'm wondering though, is how data is distributed when you change the disks in the system.
Imagine I have 2x1TB drives and 2x4TB drives in a system.
- First it creates a 4x1TB "chunk" which is essentially RAID5. (3TB available)
- Next it creates a 2x3TB chunk which acts like RAID1 (although internally may be calculated like a RAID5 parity.) (3TB available from this)
Now let's say I replace those two 1TB drives with 4TBs (safely, preserving data, etc.), and tell SHR to expand to use the new drives. I can see a number of scenarios from this point:
- It mirrors the two new blocks into another 3TB chunk, giving me 9TB total. (3 from RAID5, 3 from first mirror pair, 3 from second mirror pair)
- It expands the 3TB mirror into a second RAID5 group, giving 12TB total. (3 initial plus 9 in the second group)
- It does the same thing and also rewrites the data on the (former) 3TB mirror pair to be striped across all four disks
- It expands the 3TB mirror to RAID5, *and* merges it with the original 3TB RAID group, giving a single 12TB RAID5.
- Again it does the same thing but with rewriting of the data that was formerly just mirrored.
This isn't likely to be a huge deal, but I'd like to know how it works under the covers.
-
DNS over TLS with Unbound
I see a lot of guides on setting up DoH (DNS over HTTPS) using things like `cloudflared`, but not many concrete ones on DoT (DNS over TLS).
Does anyone have any guides they'd recommend?
-
Traefik setup routing rules help
cross-posted from: https://lemmy.blahaj.zone/post/16452222
> Hello friends, I've been pulling my hair out trying to figure out how to get my service to properly play well with traefik.
>
> My service is reachable at `<host>/dnd-notes/page`, but the service needs to fetch additional resources and fails to do so.
>
> IE: user navigates to `<host>/dnd-notes/foobar`
>
> foobar loads.
> foobar fetches `<host>/.client/main.css`
> foobar fails to find this resource.
>
> Here is my static configuration:
>
> ```yaml
> ## traefik-static.yml
> providers:
>   docker:
>     exposedByDefault: false
>
> api:
>   insecure: true
>   dashboard: true
>
> entryPoints:
>   web:
>     address: :80
>   websecure:
>     address: :443
>
> log:
>   level: DEBUG
> ```
>
> Here is my compose:
>
> ```yaml
> services:
>   traefik:
>     image: "traefik:latest"
>     container_name: "traefik"
>     ports:
>       - "80:80"
>       - "8080:8080"
>     volumes:
>       - "/var/run/docker.sock:/var/run/docker.sock:ro"
>       - "./traefik/traefik.yaml:/etc/traefik/traefik.yaml"
>
>   silverbullet:
>     image: zefhemel/silverbullet
>     container_name: "dnd-notes"
>     volumes:
>       - './dnd-notes/space:/space'
>     labels:
>       - "traefik.enable=true"
>       - "traefik.http.routers.dndnotes.rule=PathPrefix(`/dnd-notes/`)"
>       - "traefik.http.routers.dndnotes.service=dndnotes"
>       - "traefik.http.routers.dndnotes.entrypoints=web"
>       - "traefik.http.routers.dndnotes.middlewares=dndnotes_stripprefix"
>       - "traefik.http.services.dndnotes.loadbalancer.server.port=3000"
>       - "traefik.http.middlewares.dndnotes_stripprefix.stripprefix.prefixes=/dnd-notes"
> ```
-
Have you ever committed mistakes while setting up your homelab?
I will start first
- I didn't notice my DIY NAS motherboard had PCIe Gen 2.0 (old gen) before buying it. It's not a great limitation (still 500MB/s) for the two spinning disks I have on it, but it would be if I decide to switch to SSDs
- I cheaped out on the PSU. I bought another one without waiting for that crap to burn down so I eventually spent more
- I often break the software. Sometimes I kill the OS or mess with some BTRFS pools
Sometimes I just don't feel adequate for it. Does this kind of thing happen to you too?
-
Can't get my URL to work.
First, thank you in advance.
I'm having trouble with exposing my server, I think what I need is a better understanding, as opposed to technical help (though that would be appreciated)
At the moment I'm using the linuxserver.io suite of applications. I've got SWAG set up with DuckDNS, and I'm trying to set up Jellyfin and other applications. (they're all in the same compose.yaml).
I can access my applications on an external network via `<user>.duckdns.org:<port>` and it works fine (but no https).
Within my home network I can access `jellyfin.<user>.duckdns.org` - the https is valid and everything is working fine.
I suspect this means my router is not set up correctly? I'm using OpenWRT. What am I doing wrong?
-
What is the reason for asymmetrical connections?
This is more "home networking" than "homelab," but I imagine the people here might be familiar with what I'm talking about.
I'm trying to understand the logic behind ISPs offering asymmetrical connections. From a usage standpoint, the vast majority of traffic goes to the end-user instead of from the end-user. From a technical standpoint, though, it seems like it would be more difficult and more expensive to offer an asymmetrical connection.
While consumers may be connected via fiber, cable, DSL, etc, I assume that the ISP has a number of fiber links to "the internet." Those links are almost surely some symmetrical standard (maybe 40 or 100Gb). So if they assume that they can support 1000 users at a certain download speed, what is the advantage of limiting the upload? If their incoming trunks can support 1000 users at 100Mb download, shouldn't it also support 1000 users at 100Mb upload since the trunks themselves are symmetrical?
Limiting the upload speed to a different rate than download seems like it would just add a layer of complexity. I don't see a financial benefit either; if their links are already saturated for download, reducing upload speed doesn't help them add additional users. Upload bandwidth doesn't magically turn into download bandwidth.
Obviously there's some reason for this, but I can't think of one.
-
Has anyone else been called crazy for home-labbing front facing stuff?
I've always had this mindset of asking, "What am I really getting out of this?" But when it came to the internet and what I posted, I held onto a bit of innocence. Over the past two years, though, that innocence has been chipped away, but I think I’ve managed to reclaim it.
I don’t fault for-profit companies like Reddit for monetizing content; honestly, it was my own oversight for not reading the terms of service carefully. But since then, I’ve realized just how much I’ve unknowingly contributed to other projects for free.
There’s nothing inherently wrong with that, but does anyone else ever feel a bit... exploited?
It’s like when a recruiter asks for a `.docx` version of your resume instead of the `.pdf` I provide. Maybe it’s just to block your contact details, or maybe there’s something more dubious at play. I’ve experienced both, and each time, I’ve ended up feeling a bit... used.
Now, when a recruiter asks for a `.docx`, I ask them why. If it’s to hide contact details, I send an anonymized version. If they want to trim it down to two pages, I direct them to the summary section on my professional website. And if they want to add their bits to it, I guide them to my website, where they can explore my detailed posts.
For me, it’s about reclaiming control over what I’ve shared.
I was talking to someone about this recently, and they mentioned that they like to post everything on GitLab to showcase what they’ve been working on. But honestly, it’s just not the same as self-hosting your own Gitea or GitLab instance. But this guy thought I was crazy for hosting a single instance GitLab.
Okay so take X, for example. There, I could have a super locked-down account like I do here, only contributing to communities when I want to by directly tagging them, but otherwise just using it as a personal journal like my Mastodon, but it’s just not the same. When X started monetizing posts, the platform's objective changed.
I don’t mind 'for-profit,' but when it’s driven by short-term gains like a monetized post, eventually all engagement is funneled towards that. It ends up feeling like you’re writing in someone else’s diary. That you tailor for engagement.
It’s also about the love of tinkering.. breaking things, fixing them, and getting everything back up to spec. It’s about embracing the original idea of the internet: a decentralized space where anyone can contribute, without your work being exploited.
It’s your own little corner where you can post whatever you want, for whomever you want. A Jellyfin server for my partner, a portfolio for the hiring manager, a GitLab for my playground. Enjoying the freedom to experiment without an ops exec pulling their hair out.
It's kinda magical.
Footnote: This is my first post to this community, if this post isn't a good fit, please let me know and I'll gladly adjust or remove it.
Tags for Federation: @homelab
-
UDM Pro or PFsense and why?
I've been using PFSense for years, and it's been pretty great, but I also have some friends who are homelabbers that like their Unifi setups.
What do you guys prefer, and why?
-
What are you running in your home network?
I was gifted a new Raspberry Pi. I already have a previous pihole setup and now looking for other ideas to run on my network.
I was considering a network monitoring tool. Any other suggestions?
-
Sec Camera -> PoE Switch -> L3 Switch -> NVR?
Is it possible to have about 4 PoE cameras attached to a PoE switch in a network closet which will be trunked to an L3 switch where the NVR will also be attached?
Or would it be better practice to home the NVR in the network closet to supply the power natively?
-
Looking for a Small 10GB Switch
A few months ago, I upgraded all my network switches. I have a 16-port SFP+ switch and a 1GB switch (LAGG to the SFP+ with two DACs). These work perfectly, and I'm really happy with the setup so far.
My main switch ties into a remote switch in another building over a 10Gb fiber line, and this switch ties into another switch of the same model (on a different floor) over a Cat6e cable. These switches are absolute garbage: https://www.amazon.com/gp/product/B084MH9P8Q
I should have known better than to buy a cheap off-brand switch, but I had hoped that Zyxel was a decent enough brand that I'd be okay. Well, you get what you pay for, and that's $360 down the toilet. I constantly have dropped connections, generally resulting in any attached devices completely losing network connectivity, or if I'm lucky, dropping down to dial-up speeds (I'm not exaggerating). The only way to fix it is to pull the power cable to the switch. Even under virtually no load, the switch gets so hot that it's painful to touch. Judging from the fact that my connection is far more stable when the switch is sitting directly in front of an air conditioner, that tells me just about all I need to know.
I'm trying to find a pair of replacement switches, but I'm really striking out. I have two ancient Dell PowerConnect switches that are rock solid, but they're massive, they sound like jet engines, and they use a huge amount of power. Since these are remote from my homelab and live in occupied areas, they just won't work. All I need is a switch that has:
- At least 2 SFP+ ports (or 1 SFP+ port for fiber and a 10Gb copper port)
- At least 4 1Gb ports (or SFP ports; I have a pile of old 1GB SFP adapters)
- Management/VLAN capability

Everything I find online is either Chinese white-label junk or is much larger than what I need. A 16-port SFP+ switch would work, but I'd never use most of the ports, and I'd be wasting a lot of money on overkill hardware. As an example, one of these switches is in my home office; it exists solely so I have a connection between my server rack, two PCs, and a single WAP. I am never going to need another LAN connection in my home office; any hardware is going to go in the server rack, but I do need 10GB connectivity on at least one of those PCs.
Does anyone have a suggestion for a small reliable switch that has a few SFP+ ports, is made by a reputable brand, and isn't a fire hazard?
-
Alternatives to Tenable Nessus?
In the past, I've used nessus for vulnerability scanning my lab, but as my service count has grown, the 16 IP limit is becoming a little unwieldy.
Is anyone able to recommend an alternative that fits at least most of the requirements I have?
- Free (preferably in both senses of the word)
- Doesn't use Docker, even if containerized, I'd prefer to avoid having my scanner share a host with another service... and I'm not incredibly well versed with Docker
- Scans multiple systems (I tried Trivy, but as far as I can tell it only scans the system you install it on)
- Has a webui for management of scans
Alternatively, if anyone is willing to lend some advice for the configuration of Wazuh... I deployed the service months ago with the expectation that it could be used for vulnerability scanning (the Dev was in a few reddit threads suggesting that it had the capability), but I haven't been able to configure it properly.
I appreciate any advice people are willing to offer!
Edit: fixed formatting
-
journalctl errors to Gotify notification?
Is there a way to easily create Gotify notifications from critical system errors (`journalctl -p 3`)? I recently had a bunch of out-of-memory errors and it would've been great to be notified about them. There must be a pre-built solution for this, right? Ideally also dockerized. Thanks in advance!
-
How to track down external network issue?
I've got a homelab running a number of services in Docker. Everything works beautifully internally, but access from outside the network is very slow. I'm using nginx proxy manager and cloudflare ddns for the external access. It's not a speed issue. I'm on fiber with a very solid upload.
Jellyfin and Overseerr are the main services that I'm having trouble with. Oddly, once you manage to get a video going in Jellyfin, it works fine.
I could use some guidance in what to look for, what tools I can use, or any other advice on how to track down the issue. Thanks!
-
Question about NAT
I am hosting a couple of services (Matrix chat server and a game server). I know NAT's job is to translate external requests into internal addresses, so that the traffic can hit the WAN and ultimately make it to the internal service which is expected to handle the traffic, however I'm wondering if my setup is correct.
Everything is working as expected, but I'm just wondering how the traffic knows which service to go to. If an outside request comes in, is it just the destination port that is used to route to the correct internal IP? Do I need to do something else here for best practices?
-
Don't get a used Quanta server - I just wanted a cheap Epyc server... | Craft Computing
Lesson learnt: don't ever buy a used server from Quanta
Also, doesn't Epyc have an efuse that will pair it with the mobo?
-
Dell Boss N1 questions
I've recently picked up an Intel P4000 and I'm purchasing some parts to set it up. Since it's an older platform, I get that there are some limitations on what I can use, so I'm worried about buying things that aren't compatible.
I'm interested in installing a Dell Boss N1 Monolithic to run Proxmox in RAID1, but have some concerns:
- Will it even work with my system board? Maybe my search skills suck, but I can't glean from the Internet how tightly controlled server hardware ecosystems are. Would my mb even recognize a component like this, or the drives installed on it?
- What drives work with it? According to the user manual, there are only three supported drives, and they have to be 480GB or 960GB in size. Has anyone tested using different NVMe M.2 drives?
-
My Homelab addiction took a turn for the worse today when I finally figured out how to do 802.11q on my switch.
Help I now have several lans
-
Optimizing a WiFi Network
This isn't strictly "homelab" related, but I'm not sure if there's a better community to post it.
I'm curious what kind of real-world speeds everyone is getting over their wireless network. I was testing tonight, and I'm getting a max of 250Mbit down/up on my laptop. I have 4 Unifi APs, each set to 802.11ac/80Mhz, and my laptop supports 2x2 MIMO. Testing on my phone (Galaxy S23) gives basically the exact same result.
The radio spectrum around me is ideal for WiFi; on 5Ghz, there is no AP in close enough range for me to detect. With an 80Mhz channel width, I can space all 4 of my APs so that there's no interference (using a non-DFS channel for testing, btw).
Am I wasting my time trying to chase higher speeds with my current setup? What kind of speeds are you getting on your WiFi network?
-
I made a blog post about an old IBM server!
Got this server for free, so I talked about it on my blog!
Do you guys have any ideas on what I could run or install on this thing? (For fun of course, nothing serious!)
-
Away from home for months; homelab unreachable; now looking for UPS
I'm currently traveling for months at a time and my homelab has become unreachable to me over VPN due to an unknown complication after a power outage.
Just as a learning experience for all, my mistake was that I set up my VPN very far down the stack - as a wg-easy app inside TrueNAS SCALE's apps ecosystem. My very important reason for doing it that way was that wg-easy allows for setting up client devices with a QR code...
Anyway, the NAS is not booting back up nor do the TrueNAS apps. I should've set my VPN up right at the front of the network - on my MikroTik router that also supports Wireguard. The funny thing is I was so happy that my NAS has IPMI and whatnot but now I can't even access it.
For now the NAS is kept powered on from what I know, it just doesn't boot. This should help prevent bitrot until I'm back. All important files are backed up on a 3rd party service.
It's a shame my Jellyfin and Navidrome are inaccessible, but I'll live.
----
Now I'm thinking about buying a UPS so that this doesn't happen in the future. I'd like the UPS to be fanless and rackmount, so that limits me to ~700VA territory.
Devices in my homelab pull about 65W idle and spike to say 150W when everything is booting. ISP modem, router, POE+ switch, AP, NAS. I might add another 20W due to a Lenovo M920q in the future.
I only really care about NUT and graceful shutdown instead of long runtime on battery.
I was thinking about this: https://www.apc.com/us/en/product/SMT750RMI2U/
In my country I can get it with new batteries (no front panel) and a network card for NUT for a total of 180 EUR.
Would that work? Would you be afraid of leaving a UPS (it is kinda like a bomb after all) unattended and leaving your home for 6 months at a time?
-
Should I get a firewall appliance?
I have a host name whose dns points to my home IP. I use this for game servers for my buddies. Should I be worried about my home IP being easily accessible like this, and should I get a physical firewall appliance to protect myself?
Servers are running Windows Server 2019 and Mac OSX.
-
I got an old Cisco AP and I looked inside!
I got this AP for free, and had some fun trying to configure it, and I decided to look at the inside of this thing. It has a PowerPC processor, pretty cool!
It is a Cisco Aironet 1131AG
More pics:
It's an old AP from around 2007. I managed to get the latest firmware thanks to some guy on the Internet Archive (thank god they exist)! ( https://archive.org/download/cIOS-firmware-images/ )
-
Network setup help
Hey folks, I have a couple things I would like some advice on. Currently for my home network setup I have my ISP’s modem/router combo set to bridge port 1, and then some google wifi and points connected to that.
My goal is to get rid of the google home wifi and if possible my ISP’s modem/router combo (I don’t really need to replace my ISP if it makes it way more complicated) with something more open and flexible.
I have a couple dell optiplex micros I can use as a pihole/dns/whatever is needed, and I was thinking of picking up a couple of these for my WAP’s and then running the omada docker container to control them.
Would this be enough or would I also need something like openwrt running on another machine as well? If that’s the case I could also pick up this and install it into one of my dell machines so I can run some kind of router software.
TLDR- what would you buy in my situation given you only want to spend about $500 cad max on all the hardware to setup a network in your home lab?
-
Next up: Struggles getting my HBA to see SAS drives (don't think it's 3.3v or 512 vs 520). What should I try?
cross-posted from: https://lemmy.world/post/16636012
> Me again, back with another probably dumb question, but you beautiful bastards have been so helpful so far, I can't stay away!
>
> I got 10x 10TB SAS drives from FB market place. They look like they're in good shape and the guy says he pulled them from the live server of a family member who passed. HGST. most/all are 2018.
>
> I brought them home and tried to mount them one-by-one in an xpenology VM to smart test them (easiest place I had set up for SMART tests).
>
> But most of my troubleshooting has just involved looking at the HBA menus in BIOS and seeing if the drives even show up. Currently only 1 seems to reliably.
>
> and I got a weird mix of drive showing up fine, but others not showing up at all. I also got a couple drives that passed a SMART test, then when I pulled them and tried to remount them later, they don't even show up?
>
> I tried using molex to SATA power adapters to rule out 3.3v, didn't help.
>
> I don't think it's formatting because some of them mounted at least once and they all came from the same server.
>
> I tried putting the HBA in another PCIe slot, plan to try the third slot tonight.
>
> I have this HBA, confirmed in BIOS it's in IT mode: https://www.amazon.com/gp/product/B0BYZBNXBS/
>
> (I'm having troubles finding a good manual for this board, by the way. there are flashing LEDs that may be trying to tell me something?)
>
> and these breakout cables: https://www.amazon.com/gp/product/B07B9SBSVW/
>
> I might try another HBA, rule out bad board.
> I plan to try the third PCIe slot tonight, try to rule that out...
>
> What else?
>
> They could be just bad drives, but the seller seemed genuine and they look like they're in good shape. He even pinged me after the sale to see how they worked out for me.. doesn't seem like a scammer.
>
> Also, a couple questions: 1) these should be hot-swappable, right? and 2) what would happen if this PCIe x8 card is in a PCIe x4 slot?
>
> Thanks again. You guys have been great! :)
- static.xtremeownage.com Balancing Power Consumption and Cost: The True Price of Efficiency - XtremeOwnage.com
Cars, Computer, and Code.
-
What can I make out of a Old Pentium D desktop?
Hello homelabbers,
Recently I came into possession of an old Desktop PC. Its configuration is,
- Pentium D 820, 2.8 GHz dual Pentium 4 core processor, supports 64 bit.
- 512 DDR 333 memory
- 90GB HDD
- no graphics card
- 3 PCI and 1 AGP slot
I was planning to put an ethernet card in it and use it as a router. It was to be thrown out as garbage. Is what I am planning feasible or a good idea? Or would it be better as trash?
-
Sliding rack rails don't appear to work for my chassis. Any good suggestions for better ones?
I’m a new homelabber, recently bought a SilverStone RM41H08 4U Chassis
My rack is wall mounted and this server is heavy AF to get into place when I need to adjust something.
All the reviews for the branded sliding rails that “work” aka rarely, are terrible.
I’m interested in any ideas people have for maybe DIYing a sliding rail set, or like a better universal rack? Literally anything please hahaha.
I’d even try cabinet rails or something if there’s a good resource on DIYing.
Thanks!
Links for reference: https://www.amazon.com/SilverStone-Technology-Rackmount-Hot-Swappable-RM41-H08-x/dp/B0922FZQFW
https://www.amazon.com/dp/B09B1KZMPN
https://www.amazon.com/ECHOGEAR-15U-Open-Frame-Rack/dp/B07YYJMCNV
-
Normalization of my homelab?
Hi, so I have a very individual homelab. It's a collection of stuff accumulated over nearly 30 years of doing weird stuff.
For the past 9 years it's been running as a bunch of lxc containers (privileged because unprivileged did not exist, back then) but several of those containers are p2v conversions of physical hosts dating back to debian woody and earlier. They're all upgraded to at least buster, most are bookworm. Stuff like asterisk, email, home assistant, nextcloud, matrix synapse run there these days.
The server is a 15 year old HP gen6 thing, and is getting quite long in the tooth. There's also a dedicated cheapy microserver with an i4 running opnsense on bare metal as a firewall.
Trying to run stuff like local voice stuff for home assistant is showing the HP's age quite badly. Also, our area is getting fibre, and the opnsense box is maxed out at gigabit. More speed would be nice.
So, I'm in two minds. The homelab has been a lot of fun over the years, but I'm over 50 now, I want lower maintenance. This latest wave of upgrades is making me rethink the next 20 years of homelab. I don't want to leave something stupidly "only me" if I were to die tomorrow (diabetes is a fickle bastard). My wife might want to try and carry on this thing - it runs some useful stuff around the house (but it should be noted that nothing in this house requires a server or cloud) - and that's not going to happen with the current solution.
I think I might have a path, using proxmox, from where I am now, to something that can be deployed on e.g. a bunch of ms01 class devices. I'm thinking to convert the existing HP server to proxmox, to allow me to redeploy all my existing lxc containers into the proxmox world. As I acquire hardware over the next year, I can look at a k8s migration of the services onto a small, MUCH lower power cluster. One of the keys is that I don't want to have big outages of services for days or weeks while I migrate everything so it's gotta be a rolling upgrade as it were.
I'm here soliciting feedback. Has anyone ever migrated from a deeply legacy homebrew homelab into something like this? Does it reduce the workload long term? What's the practicality of this for someone rather less tech savvy?
Thanks!
-
Proxmox - Slow network speed
I've noticed recently that my network speed isn't what I would expect from a 10Gb network. For reference, I have a Proxmox server and a TrueNAS server, both connected to my primary switch with DAC. I've tested the speed by transferring files from the NAS with SMB and by using OpenSpeedTest running on a VM in Proxmox.
So far, this is what my testing has shown:
- Using a Windows PC connected directly to my primary switch with CAT6: OpenSpeedTest shows around 2.5-3Gb to Proxmox, which is much slower than I'd expect. Transferring a file from my NAS hits a max of around 700-800MB (bytes, not bits), which is about what I'd expect given hard drive speed and overhead.
- Using a Windows VM on Proxmox: OpenSpeedTest shows around 1.5-2Gb, which is much slower than I would expect. I'm using VirtIO network drivers, so I should realistically only be limited by CPU; it's all running internally in Proxmox. Transferring a file from my NAS hits a max of around 200-300MB, which is still unacceptably slow, even given the HDD bottleneck and SMB overhead.
The summary I get from this is:
- The slowest transfer rate is between two VMs on my Proxmox server. This should be the fastest transfer rate.
- Transferring from a VM to a bare-metal PC is significantly slower than expected, but better than between VMs.
- Transferring from my NAS to a VM is faster than between two VMs, but still slower than it should be.
- Transferring from my NAS to a bare-metal PC gives me the speeds I would expect.
Ultimately, this shows that the bottleneck is Proxmox. The more VMs involved in the transfer, the slower it gets. I'm not really sure where to look next, though. Is there a setting in Proxmox I should be looking at? My server is old (two Xeon 2650v2); is it just too slow to pass the data across the Linux network bridge at an acceptable rate? CPU usage on the VMs themselves doesn't get past 60% or so, but maybe Proxmox itself is CPU-bound?
The bulk of my network traffic is coming in-and-out of the VMs on Proxmox, so it's important that I figure this out. Any suggestions for testing or for a fix are very much appreciated.
-
How can I set up a VLAN for IOT devices on a GL.iNet OpenWRT-based router?
I would like to create a VLAN that can access the internet but cannot access the rest of my network, with one exception. It should still be able to connect to my HomeAssistant server which isn't on the VLAN.
I have never set up a VLAN before so I am a bit lost. Does anybody have any good guides on how to set up something like this on a GL.iNet router? I am able to access the OpenWRT settings including interfaces, devices, etc. from LuCI.
-
PiAlert without WAN access
For those of you who know of PiAlert or similar projects/forks like NetAlertX, do you know of any that can run without WAN access?
I just got PiAlert running the other day and noticed that it does not update correctly unless it has access to WAN which seems odd, since it's basically just running `arp` commands within internal IP ranges over specified interfaces.
Edit: Looks like I was just able to modify one function to return a hardcoded value to resolve the need to connect to WAN
-
Single mode fiber cable: which SFP module?
My Internet provider just installed a 2,5/1Gbps Internet connection and I've asked the guys to run a couple of their fibers to connect my router (HP Prodesk with OPNsense) to my server. I didn't know that the fiber is single mode and all the used SFP+ modules sold now seem to be for multi mode fiber (www.bargainhardware.co.uk for example). The cable is about 30m, can I use a 810nm SFP+ or is it definitely better to use a 1310nm?
-
Network conflict on VM with multiple interfaces
So, I finally got this project (PiAlert) working how I'd like.
It basically uses `arp` to keep track of devices on your network, and let you know when new ones join. It gives some basic stats like uptime, etc. and you can configure a few different notification options to be alerted when a rogue device connects.
Anyways, to get this to work on my network involved setting up several network interfaces, as I have quite a few VLANs I'd like to keep an eye on. While everything seems to be working, I feel like I may have created an `asymmetric-routing` situation, as now when I SSH to the VM hosting this, it will freeze up after a few seconds.
My interfaces look like such. The problem is that I am accessing this VM (hosted on `192.168.1.0/24`) from my personal network (`192.168.6.0/24`). My personal network has access to 192.168.1.0/24 and obviously to its own subnet, so I think packets are getting confused, as there are multiple routes they can take to this VM.
I believe this is confirmed, because if I disable the entry for `192.168.6.0/24` in my `/etc/network/interfaces` file, the problem goes away.
How should I handle this? I've tried some simple UFW rules to try to force things to only use the `192.168.1.0/24` interface, but to no avail.
Edit: Sorry for the weird markdown, not sure why it's highlighting keywords
-
Beginner homelab (router/switch)
Hi everyone :)
It's time to switch and give my home network a proper minimal hardware upgrade. Right now everything is managed by my ISP's AIO firewall/router combo. Which works okayish, but I'm already doing some firewall/dns/VPN stuff on my minimal spare laptop server to bypass most of my ISP's restrictions. So it's time to get a little bit "crazy" !
While I do have some "power user" knowledge regarding Linux/server/selfhosted services/networking, I'm a bit clueless hardware-wise, especially regarding my ISP's 2.5G ethernet port.
I do have a 5giga connection from my Internet provider (Optic fiber) which is divided into 4 ethernet ports (Eth1 2.5G, Eth2 1G, Eth3 1G, Eth4 0,500G or something in that range). And right now the Eth1 port is connected through an old 1G switch.
- To take full advantage of my ISP's 2.5G ethernet port do I need a router AND a switch capable of 2.5G throughput? Or only the router and the switch is going to divide it accordingly between all connected devices on a 1G switch?
I'm also looking for some recommendations/personal experience for a router and a switch with a budget of 250e.
First I was interested in a BananaPI as a router, to tinker a bit, but it seems a bit of a hassle to flash it with OpenWRT, then I found an interesting post on Lemmy talking about the Intel N100 Celeron N5105, which looks like more what I'm looking for but I'm not sure?
- I have no idea what's the best bet, a SBC (bananapi mini, orange pi, raspberry pi...) a fully fledged router (like TP-Link AX1800 and flash it with opensense/openwrt) or an Intel N100 Celeron N5105 Soft Router?
The capabilities I'm looking for:
- VLAN capable
- AP VLAN capable to segment wifi
- Taking advantage of my ISP's 2.5G ethernet port
- Firewall customization capabilities
I have an eye on a managed switch I found on Amazon (SODOLA 6 Port 2.5G Web Managed) but I have no idea how reliable they are, I have never heard of SODOLA.
- Any good recommendation I should look at for a managed switch that would work great with the same capabilities above?
- Probably last question, is regarding wifi APs. Is it possible to make an access point from my router even though it hasn't antennas? If I connect an access point directly to my router, will it be capable of giving away wifi connection?
Thanks for reading though, I'm a bit unsure how I should spend my money to have a minimal but reliable/capable homelab setup. Every advice is welcome. But keep in mind, I want to keep it minimal, a good enough routing capability with intermediate firewall customisation. I'm already hosting a few containers with a spare laptop and the traffic isn't going to be too crazy.