SeeJayEmm

SeeJayEmm , 5 days ago

DDOS protection is going to depend on the VPS. But for most services you could spin up a pretty lean Debian vm running a proxy like nginx proxy manager and run that over the tunnel. Something like opnsense seems like overkill.

SeeJayEmm , 6 days ago

Burnout Paradise is going to stay in my all time hall of fame till I die.

SeeJayEmm , 12 days ago

B2 is about $5/TB.

If you keep your eyes open for deals (LowEndBox) you could find an inexpensive storage VPS. I've got one now providing 2 TB for $5/mo.

SeeJayEmm , 14 days ago

Pretty good breakdown of the current science on the topic. Thanks.

SeeJayEmm , 15 days ago

The whole .zip TLD is really unfortunate.

SeeJayEmm , 18 days ago

This is how I learn and half the reason my home lab exists. I need projects to get/stay motivated.

SeeJayEmm , 22 days ago

So a company that made 12 Billion in profit in one quarter is dying because it's growth has slowed down/plateaued?

SeeJayEmm , 22 days ago

The only complaint on this list that, I think, is a legitimate complaint is replies not loading. Imagine if Lemmy worked that way. The rest is just how it's intended to work.

Certainly a good warning before trying to self host but this isn't broken.

SeeJayEmm , 22 days ago

You do if you want to provide that as your "work" number. Unless you're going to jump though VoIP hoops.

SeeJayEmm , 22 days ago

Not everyone has a desk phone (much less a desk).

SeeJayEmm , 21 days ago

No. I have a monthly stipend but I don't really take calls outside of teams.

SeeJayEmm , 22 days ago

I feel this post so hard. I'm always about 5 seconds from going Office Space on my printer.

SeeJayEmm , 22 days ago

I'm fond of Beekeeper Studio and a sqlite DB.

SeeJayEmm , 25 days ago

However, if my VPS is compromised, wouldn't the attacker still be able to access my local network?

That depends on your setup. I terminate my wireguard tunnels on my opnsense router, where I have explicit fw rules for what the vps hosts can talk to.

SeeJayEmm , 29 days ago

I'm using CheckMk for pretty much all of that. Personally I found zabbix to have too much overhead.

SeeJayEmm , 1 month ago

If you want the small footprint and power costs are a concern, look for a second hand mini computer. Dell, Lenovo, Intel nuc.

Something like this as an example.

SeeJayEmm , 1 month ago

No but less power hungry than a full desktop. It's a good trade-off between power and performance.

SeeJayEmm , 1 month ago

Tuesday

SeeJayEmm , 1 month ago

Then you didn't understand how the system uses swap.

https://chrisdown.name/2018/01/02/in-defence-of-swap.html

SeeJayEmm , 1 month ago

https://www.wireguard.com/protocol/

Looks like wireguard encrypts traffic to me.

SeeJayEmm , 1 month ago

I've been happily running Open Media Vault in a Proxmox VM for some time now.

SeeJayEmm , 1 month ago

I didn't pass any phy disks through, if that's what you mean. I'm using that system for more than OMV. I created disks for the VM like I would any other VM.

SeeJayEmm OP , 1 month ago

Kinda feel dumb that my answer is no. Let me do that and report back.

SeeJayEmm OP , 1 month ago

Short test completed without error.

SeeJayEmm OP , 1 month ago

I would start by making sure you have good recent backups ASAP.

I do.

Could be as simple as a service logging some warnings due to junk incoming traffic, or an update that added some more info logs, etc.

Possible. It's a really consistent (and stark) degradation in performance tho and is repeatable even when the opnsense VM is the only one running.

SeeJayEmm OP , 1 month ago

While you’re waiting for that, I’d also look at the smart data and write the output to a file, then check it again later to see if any of the numbers have changed, especially reallocated sectors, pending sectors, corrected and uncorrected errors, stuff like that.

That's a good idea. Thanks.

SeeJayEmm OP , 1 month ago

It's an old Optiplex SFF with a single HDD. Again, my concern isn't that it's "slow". It's that performance has rather suddenly tanked and the only changes I've made are regular OS updates.

SeeJayEmm OP , 1 month ago

I'm trying to think of anything I may have changed since the last time I rebooted the opnsense VM. But I try to keep up on updates and end up rebooting pretty regularly. The only things on this system are the opnsense VM and a small pihole VM. At the time of the screenshot above, the opnsense VM was the only thing running.

If it's not a failing HDD, my next step is to try and dig into what's generating the I/O to see if there's something misbehaving.

SeeJayEmm OP , 1 month ago

I'm starting to lean towards this being an I/O issue but I haven't figure out what or why yet. I don't often make changes to this environment since it's running my Opnsens router.

root@proxmox-02:~# zpool status
  pool: rpool
 state: ONLINE
status: Some supported and requested features are not enabled on the pool.
        The pool can still be used, but some features are unavailable.
action: Enable all features using 'zpool upgrade'. Once this is done,
        the pool may no longer be accessible by software that does not support
        the features. See zpool-features(7) for details.
  scan: scrub repaired 0B in 00:56:10 with 0 errors on Sun Apr 28 17:24:59 2024
config:

        NAME                                    STATE     READ WRITE CKSUM
        rpool                                   ONLINE       0     0     0
          ata-ST500LM021-1KJ152_W62HRJ1A-part3  ONLINE       0     0     0

errors: No known data errors

SeeJayEmm OP , 1 month ago

I thought cheap SSDs and ZFS didn't play well together?

SeeJayEmm OP , 1 month ago

I may end up having to go that route. I'm no expert but aren't you supposed to use different parameters when using SSDs on ZFS vs an HDD?

SeeJayEmm OP , 1 month ago

Thanks for all the info. I'll keep this in mind if I replace the drive. I am using refurb enterprise HDDs in my main server. Didn't think I'd need to go enterprise grade for this box but you make a lot of sense.

SeeJayEmm OP , 1 month ago

This was really interesting, thanks for the info.

SeeJayEmm OP , 1 month ago

I've done a bit of research on that and I believe upgrading the zpool would make my system unbootable.

SeeJayEmm OP , 1 month ago

Proxmox is using ZFS. Opnsense is using UFS. Regarding the record size I assume you're referring to the same thing this comment is?

You can always find some settings in your opnsense vm to migrate log files to tmpfs which places them in memory.

I'll look into this.

SeeJayEmm OP , 1 month ago

I'm referring to this.

... using grub to directly boot from ZFS - such setups are in general not safe to run zpool upgrade on!

$ sudo proxmox-boot-tool status
Re-executing '/usr/sbin/proxmox-boot-tool' in new private mount namespace..
System currently booted with legacy bios
8357-FBD5 is configured with: grub (versions: 6.5.11-7-pve, 6.5.13-5-pve, 6.8.4-2-pve)

Unless I'm misunderstanding the guidance.

SeeJayEmm OP , 1 month ago

That cheat sheet is getting bookmarked. Thanks.

SeeJayEmm OP , 1 month ago

Media should exist in its own with a tuned record size of 1mb

Should the vm storage block size also be set to 1MB or just the ZFS record size?

SeeJayEmm OP , 1 month ago

Thanks I may give it a try if I'm feeling daring.

SeeJayEmm , 1 month ago

That very much depends on what you want to do.

The self hosted mailing list has a directory of apps they track.

There's also the Awesome Self hosted.

SeeJayEmm , 1 month ago

Zabbix & Grafana for supervision

@foremanguy92_ personally I prefer CheckMk over Zabbix. I found Zabbix to be an absolute pig. Both are on the complex side. But really, you probably just need something like Uptime Kuma.

SeeJayEmm , 1 month ago

Yes. That's why it's called the Internet of things. Every "smart", wifi connected, device you have uses that connection to communicate with a remote server. The app on your phone does the same to control the light.

Check out Zigbee for an example local control.

SeeJayEmm , 1 month ago

I wish I'd seen this before the minor hell I went through learning how to geoip block via iptables. 😁

It looks interesting. I think my only real concern is security. There's a lot of people using and working on nginx so, presumably, more people to identify bugs and squash them.

SeeJayEmm , 1 month ago

I'm still curious tho. I'll probably set it up for some internal only sites to test.

SeeJayEmm , 1 month ago

Nightly backups to a repurposed qnap running pbs. I'm fully aware it's overkill but it gives me some peace of mind.

SeeJayEmm , 1 month ago

I've got PBS setup to keep 7 daily backups and 4 weekly backups. I used to have it retaining multiple monthly backups but realized I never need those and since I sync my backups volume to B2 it was costing me $$.

What I need to do is shop around for a storage VM in the cloud that I could install PBS on. Then I could have more granular control over what's synced instead the current all-or-nothing approach. I just don't think I'm going to find something that comes in at B2 pricing and reliability.

SeeJayEmm , 1 month ago

A newbie should be running AIO in docker, which in my experience, has been pretty solid.