Cynyr36

joined 1 year ago
[–] Cynyr36@alien.top 1 points 11 months ago

Dual unbound servers running unbound-adblock in recursive mode with DNSSEC on, with a stub zone for my internal domain (*.lan) pointed at the dnsmasq server that handles DHCP and local DNS.

I wanted DNS redundancy so at least "the Internet" would work if I was rebooting something, which the stub zone handles very well.

Dnsmasq is set to no upstreams, and authoritative for the domain. This gives me ddns for clients as well.

I did look into kea for DHCP and nsd for local DNS, but kea wasn't really ready to handle dual stack clients with the ddns updates. It was neat that you can run kea in a proper redundant config. Not sure I'd have been able to get the ddns updates to dual nsd servers working without a hidden primary, leaving me with a single point of failure.
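
The unbound side of the setup described in the comment above, as an added example that is not the commenter's actual config. The resolver address 192.168.1.53, the LAN subnet 192.168.1.0/24, the dnsmasq address 192.168.1.2 and the trust anchor path are assumed placeholders.

```conf
# unbound.conf sketch (added example; all addresses are assumed placeholders)
server:
    # Listen on loopback and the LAN address only (192.168.1.53 is assumed).
    interface: 127.0.0.1
    interface: 192.168.1.53

    # Answer local clients only, so the resolver is never an open resolver.
    # The most specific netblock wins, so the order of these lines does not matter.
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow

    # Recursive mode with DNSSEC validation: no forward-zone is defined,
    # and the validator module runs in front of the iterator.
    module-config: "validator iterator"
    auto-trust-anchor-file: "/var/lib/unbound/root.key"   # path varies by distro

    # "lan" is unsigned and absent from the signed root zone, so without this
    # line the validator treats answers from the stub zone as bogus.
    domain-insecure: "lan."

    # Rebinding protection: strip private addresses from public answers,
    # but allow them for names under the internal domain.
    private-address: 192.168.0.0/16
    private-domain: "lan."

    # Optional: unbound answers RFC 1918 reverse zones itself by default;
    # disable that for the LAN range so PTR queries reach dnsmasq.
    local-zone: "168.192.in-addr.arpa." nodefault

# Internal domain is answered by the dnsmasq server, which is authoritative
# for it and has no upstreams of its own.
stub-zone:
    name: "lan."
    stub-addr: 192.168.1.2    # assumed dnsmasq address

stub-zone:
    name: "168.192.in-addr.arpa."
    stub-addr: 192.168.1.2
```

Running `unbound-checkconf` against the file catches syntax errors before the service is reloaded. The same file goes on both unbound servers, with only the `interface` address changed.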

[–] Cynyr36@alien.top 1 points 11 months ago

For future redditors, since I had no clue what this was.

Dockge: A fancy, easy-to-use and reactive self-hosted docker compose.yaml stack-oriented manager.

[–] Cynyr36@alien.top 1 points 11 months ago (2 children)

I'll see if I can find it when I'm not on mobile, but there was a list floating around of low power builds. I think it was from a German forum.

[–] Cynyr36@alien.top 1 points 11 months ago (4 children)

I'd replace basically everything with a pair of n100 based things. They'd be faster, better at transcoding, and use less power. If you want a bit more grunt or RAM, an i3 13100.

You have 12 hard drives, so that's about 130watts (10-15w each). Can you consolidate down to 2 or 3 larger capacity drives?

If you are looking for marginal gains, move pihole and home assistant to containers or tiny vms on one of the other systems.

So I guess my recommendation: one of those Chinese n100 firewall boxes, run proxmox, with *sense in a VM and pass through 2 or 3 NICs, pihole and HA in containers. Build an i3 13100 based system with 64+ GB DDR5, put 2, 3, or 4 large capacity drives along with a pair of SSDs for guest storage. Virtualize everything else. My guess is that whole stack would idle at 50w or 60w, and could maybe draw 150w.

You might need more GPU than the iGPU in an i3 13100, but an Intel A380 would cover that.

[–] Cynyr36@alien.top 1 points 1 year ago

Whenever there is a proxmox kernel update. Every few years to dust them. If I get new hardware.

[–] Cynyr36@alien.top 1 points 1 year ago

I'm running proxmox + lxc for samba. Works fine. I'd say the decision is do you want a server that moonlights as a nas, or a nas that moonlights as a server.

I have not tried TrueNAS (scale or core), I have data on an existing mdraid setup that I knew I could get working with proxmox.

[–] Cynyr36@alien.top 1 points 1 year ago (1 children)

Correct*, unless you VPN home. Please don't run a publicly accessible DNS server. It's going to get used in a DNS amplification attack.

*And even then only for devices that use your DNS server. Many IoT devices have hard coded DNS servers to use. And with dns-over-https (DoH) they will get pretty close to unblockable.

[–] Cynyr36@alien.top 1 points 1 year ago (3 children)

unbound adblock is what I'm using. Hand it a couple of pihole lists and it fits the same thing without the fancy gui.