

Also -1 for netdata. I loved the analytics but it brought all of my VMs to a screeching halt. It did not seem very well optimized for the amount of data it was polling.
Yes, you can. It requires those docker containers to be installed and plugged into it on a standalone system. This is exactly what HAOS is doing behind the scenes for its users and why many stick with it.
Yeah it’s near impossible to block on streaming services because most of the ads are served up from the same DNS locations that the watchable media is hosted on.
What makes it better other than the UI? I’m wary of using it because it is developed by Russian developers.
This is the way. My setup is very similar except I only use authentik for Nextcloud. I don’t expose my “arr” services to the Internet so I don’t feel it necessary to put them behind authentik, although I could if I wanted.
Using Duo’s free 10 personal licenses is also great as it can also plug into authentik for MFA through the solution.
I back up my ESXi VMs and NAS file shares to local server storage using an encrypted Veeam job and have a copy job to a local NAS with iSCSI storage presented.
From there I have another host VM accessing that same iSCSI share uploading the encrypted backup to Backblaze. Unlimited “local” storage for $70/y? Yes please! (iSCSI appears local to Backblaze. They know and have already stated they don’t care.)
I’m backing up about 4TB to them currently using this method.
I’m sure you know this, but snapshots are not backups!
Not sure why they are bothering with this, it will likely get DMCA’d, especially with the news from last year on the series. I partook in this survey and it heavily leaned into questions regarding a potential remake.
https://www.gamingbible.com/news/new-legacy-of-kain-game-finally-being-teased-417234-20230421
As this is a sound suggestion, this is probably not suited to this user’s needs right now and he should start small. I started my home lab by deploying Pihole in podman on a virtual machine in my VMware environment and even that had a little learning curve for me as a network engineer. If he wants to tackle pfSense at some point, then migrating Pihole via gravity sync should be a cake walk.
I have Nextcloud hosted internally in a podman container environment. To answer some of your more security related questions, here’s how I have my environment set up:
Cloudflare free tier with my own domain to proxy outside connections to the public domain name, and hide my external IP.
A DMZ proxy server with a local traefik container with only ports required to talk to the internal Nextcloud server allowed, and inbound 443 only allowed from the internet (cloudflare).
An Authelia container tied to the Nextcloud container using “Two-factor TOTP” app addon. Authelia is configured to point to a free DUO account for MFA. The TOTP addon also allows other methods if you want to bypass Authelia and use a simple Google auth or other app. I’ll be honest, this setup was a pain but it works beautifully when finally working.
Note: Using Authelia removes Nextcloud from the authentication process. If you log in through Authelia, if set up correctly it will pass the user information to Nextcloud and present their account. There is a way to have “quadruple” authentication if you really want it, where you log in through Authelia, Authelia MFA, then Nextcloud and Nextcloud MFA, but who would want that? Lol.
Another Note: If Authelia goes down for whatever reason, you can still log in through Nextcloud directly.
I have all of my containers set to automatically pull updates with the latest tag. This bites me sometimes if major changes happen, but it’s typically due to traefik or mariadb changes and not Nextcloud or Authelia.
I have my host operating system set to auto update and reboot once a week in the early morning.
My data is shared through an NFS connection from my NAS that only allows specific IPs to connect. I’d like to say I’m using least privileged permissions in the share, but it’s a wide open share as my NFS permissions are not my strong suit.
Hope the above helps!
I’m currently looking to replace my QNAP. My current unit is the second unit I’ve had of theirs that has failed due to motherboard or processor failure and I’m sick of dropping $$$ each time they fail on a replacement unit to keep my data.
Next time my $$$ is going to a self built truenas server, at least this way I have control over replacing bad components and not reliant on a third party. It took 1 month to get my repaired unit back and data restored because the RAID was lost.
For a NAS it’s very important because ECC allows write-back to your disks from cache in the event of a power failure. Without this, your data is at risk of being lost or RAID corrupting if you don’t have battery backup and/or your battery backup fails during power outage.
I’m looking at building my own truenas server since my rack is only 22" depth, but I want a 12 bay hotswap array. Very challenging to find an matx board AND chassis that can fit the bill.
He just told you. Assign VLAN on each individual port on your switch. Done. If your switch is unmanaged, then you need a new switch to support VLANs.