What the actual fuck are you on about? This is a technical argument about whether rust should be allowed innthe Linux kernel and the impact of that decision on devs, you absolute troglodyte.

Are you learning networking? You’re entering the world of vlans. In the networking OSI model, Layer 3 is where you’re dipping your toes.

I’m gonna try to over-simplify this, but each network has a gateway, which is a layer 3 device that helps a local network talk to other networks, either in the house or on the internet. That doesn’t have to be a physical device, it can be a virtual network device on your bigger layer 3 device. Most residential network gear won’t understand this. When you get into vlans, it’s like having multiple separate networks on the same devices; if you have “vlan 10” and “vlan 20”; devices on vlan 10 cannot see devices on vlan 20, even if they’re connected to the same switch. This is done by “tagging” ports, which is where you specify what network each port is on. You can also have a port with multiple vlans on it, which is called a “trunk”, but for this to work the network traffic has to carry a tag specifying what vlan each packet belongs to (though each trunk also has a “native” port, think of it like a default vlan if a packet isn’t tagged). The verbage changes based on the vendor, but that’s the idea.

In the actual world, here’s how that works. Ports with devices on the other end with multiple devices/networks on them (access points, switches, firewalls) usually are trunks, then end client ports (your computer, a printer) are “access” ports. You would apply a single vlan to access ports, or make it an “untagged” port, whereas you “tag” multiple vlans on trunk ports. The networking devices will make most of that happen.

So how can you shape the traffic between them? Your firewall/gateway/layer3 device. The easiest entrypoint into this is get a small computer (1L PC which you can get nearly as ewaste, having multiple network ports is good) and installing opnsense on it. It’s free and good for learning, and I use it in prod today. The opnsense box, let’s say, has 1 physical nic, then you create a virtual vlan interface on vlan 10 and 20. That becomes your “default gateway” on all client devices on the respective networks. All traffic leaving the networks go through this device (so faster network ports is better) and that is why firewall rules get to allow/block ports, IP’s, endpoints, etc. Your port forwards to the internet happen here as well. You can make a firewall rule to say your other network allows passing traffic to the original network on port 53 to the pihole, for example, so dns servers on a different “lan” can still be used.

This is a complicated subject, but getting some gear on ebay (a “managed switch”) is a great way to learn. For example, I have an access point with a management interface on my “mgmt” vlan (99, number is arbitrary), then I have 2 ssid’s, one for IoT stuff (vlan 5) and one for my devices (vlan 4). The port going to the access point on the switch is native vlan 99 but tagged to allow traffic with packets tagged with vlan 4 or vlan 5, and the access point tags the traffic based on which SSID the client connects to, the client doesn’t care.

It’s probably more than you are looking for but if you are already looking at self hosting things connected with NextCloud, use NextCloud Talk. We use it for the family and it is great.

I have a philosophy of sticking close to reference implementations and upstream in the homelab because it forces me to learn principles rather than implementations. I use bind9, but that upstreams to pihole on a different port. It is hard to configure for sure, editing zone files in vi, but I learn a lot analyzing the reference syntax to understand features. I also use isc-dhcp-server for DHCP, again manually populating dhcpd.conf.

Bind can peer with other instances; right now it is it’s own ipam vm on my proxmox with bind/isc-dhcp/pihole docker, but I’m looking at dropping some hardware at a family member’s for a site 2.

We tried to host it ourselves to save cost, and it’s a beast but it mostly works. It certainly lags behind in features and uses a lot of resources, but when you compare with the cost it’s certainly passable.

It’s a lot for the homeland, but I love zabbix

Fair, my home office is a monument to too much free time, a hoarding habit for ewaste, and a wife who works weekends and overnights.

That is a self-made soldering kit box I made when I was in college and had to haul it around a lot. I have actually been meeting to replace it with something more permanent now that I’m a grown up with my own house. I have an air flow soldering rig which doesn’t really have a home, and I could have a much better use of space. I have my brocade ICX6610-24 next to that which I’ve been programming for way too long, and a whole bunch of 3D printer parts on top of that.

I’ve done some of that, recently I have an old putty knife and I will put it right against the crack and just hammer it which will unstick it enough that I can pull it off. Newer drives definitely have weaker magnets than some of my much older ones.

I started collecting in probably 2007, so manufactured before that for sure.

That’s rad, and you did an amazing job keeping them whole. Recently I have been wrapping them in cloth, then the kids form clay around them for various fridge and office magnets.

Yes. Look here, the plan is per-device, and the capacity is unlimited: https://www.crashplan.com/pricing/ . I think the restore would be extremely painful, it’s not a fast pipe, but the bigger you go that’s gonna be an issue no matter what.

I don’t have the exactly solution for you, but I went through this a while ago and came up with using openLDAP for this. It’s not tidy at all, but it was a tremendous learning experience, and I documented it in 2 blog posts which may be interesting to you; I doubt you’ll want to do what I did, but it was informative and has worked flawlessly since. I documented some of the flaws I found in options I considered at the time:

https://www.surfrock66.com/my-experience-guide-setting-up-openldap-for-pc-webapp-authentication-on-ubuntu-20-04/

https://www.surfrock66.com/openldap-kerberos-and-sasl-my-experience-in-the-homelab/

I’m not an expert, but I’ve been using TrueNas Scale since I cut over from TrueNAS core, and before that Freenas, since about 2010. I have a bunch of lessons and assumptions, but someone can correct me if these are misguided, they’re my tl;dr of knowledge.

1. Your data drives should be in sets of 3 for a raidz1, or 5+ (I use 6) for a raidz2. While technically the minimum is 2 or 4 respectively, best performance and protection comes in sets of 3. This is a good synopses: https://superuser.com/a/1058545 In that case he points out that a 3-way mirror also works but then you lose a lot of the data integrity checking that comes with ZFS. I keep an offline spare; in your situation putting 3 drives in with a RAIDZ1 and keeping one in the drawer would give you ~8TB of capacity protected against bit flipping and drive failure. This is a better description of the raid levels: https://calomel.org/zfs_raid_speed_capacity.html
2. In terms of just storage, that system will be fine, though ideally you get ECC RAM; that’s often a bigger swap, so if you can’t change that, so be it. It does matter in terms of integrity checking. The more containers you run, the tougher it gets to spec out. I have a separate proxmox hypervisor and routinely have 4+ jellyfin streams going at a time, so it wouldn’t be enough in my case, but you’ll have to experiment and scale. I will say, even though a separate proxmox box comes with a lot of headaches, it was more important than any schooling I ever did in terms of my IT career. Networking, monitoring, access control, suddenly I have a solution to every IT problem I encounter and I have experience with it.
3. Personally, I do a 2-disk mirror for the OS, and then multiple 3 or 6 disk vdevs for data. If you lose the OS drive and it’s just 1, that’s fine if you have backups to just restore, but I find swapping in a cheap ssd is better. I use cheap-as-dirt 64G SSD’s as the boot drives, and if one dies, you can swap it and replace it in the UI, no problem. You can technically use 2 mis-matched sized disks, but it’ll fuss at you.
4. Start with TrueNAS Scale as just a storage device; ideally that needs to be close to the hardware and not virtualized. In the beginning, especially since you’re likely dealing with 1 pool, just make 1 vdev for everything. You can make folders in there, or datasets, and play with partitioning data, sharing data to other computers, etc. I use NFS sharing AND iscsi luns to my proxmox, and ultimately I’m in 1 big dataset with multiple vdevs in it. Add your things like homeassistant one at a time; going through it will show you how you sort storage, how you provision it, etc. Over time, things grow; this will not be your final configuration, most people expand over time. You may decide “I want bulk storage in one vdev, I want containers and vm’s in another.” When you expand, that’s when you split things off and make more nuanced decisions. That will come from better assessing your needs.

You mention Jellyfin…my struggles with that were never storage. My struggles there were networking; it was a big part of why I decided to upgrade my server networking to 10G, which supported running Jellyfin on another hypervisor and having all that go over the network.

For most systems, ext4 because it seems stable and uncomplicated.

For my NAS and big data, ZFS. People whose opinions I trust recommend it, and to the best of my technical ability to evaluate said things, the claims make sense and seem to be extremely beneficial against the threats I perceive to my data.

The pi4 especially is great for proof of concept or MVP testing, but I often migrate to VMs on my proxmox hypervisor once something becomes critical. I started Shinobi, pihole, and home assistant on a pi4.

Tt-rss though the developer can be a bit abrasive if you go asking for help. Been using it since the icanhaz days.

Crashplan can’t tell the difference between local folders and NFS mounts, and they have an unlimited size backup plan per device for like $10/month. I have 1 device with NFS mounts from many desktops and my Nas. About 9TB.

Let’s encrypt is fine for encryption but not identification. I have some stuff which I prefer that on, specifically around demonstrating services that I host at home in the workplace. Having full verification just reduces the questions I have to deal with. It’s like $90/year for a wildcard.

Subdomain; overall cheaper after a certain point to get a wildcard cert, and if you split your services up without a reverse proxy it’s easier to direct names to different servers.