Dran

I’m with you that he doesn’t strictly need a gpu, but if the price is right (free from old gaming PC, cheap from a friend’s old gaming PC, cheap old workstation card, etc) I stand by that he probably wants one. A lot less fussy, a lot more capable, nad nvenc does better quality encoding at lower bitrates (and probably less power too if you take into account time spent encoding at full tilt.)

Generally power supplies are the most electrically efficient at 20-60% utilization, so there’s no issue with over-provisioning power, other than the (generally minor) upfront extra cost, which might very well pay for itself in the first months/years of usage. I’ll take a look and see what I can find on those sites.

Edit: okay, trying to shop through google translate / currency calculator is actually aids so I’m gonna teach a man to fish instead. This is what I should have done from the start anyway.

Power supply: Anything from a decent brand, at basically anything >450W. a 650W or 850W is totally fine if it’s at a decent price. They only draw the power they need, they don’t just constantly pull 850W if the downstream components aren’t calling for it.

CPU: 12400 is a fine cpu for what you’re doing. You’ll transcode at 720p no problem, 1080p maybe a single stream in real-time. I wouldn’t bank on more than that. Only downsides here are the relatively shallow core counts if you ever expanded into other workloads. Without access to used xeon boards/cpus, it might be a reasonable choice though. What I would say is look for something older but with more cores/threads if you can. For example, a 10900 or even 10700k would probably be a better server cpu than a 12400.

Memory: DDR4 platforms are a great way to save money, as long as you aren’t planning on expanding to inferencing on cpu. Get as much as you can. 32-64gb of ddr4 should be dirt cheap, especially if you find a cheap motherboard with 4 memory sockets.

Motherboard: If you want this thing to be versatile, you want 2x pci-e slots. Old gaming full-sized ATX boards are the way to go here. 1 slot for an HBA, 1 slot for a GPU, and that should be all you need. Bonus for as many open sata sockets as possible. 6-8 is pretty typical on 10th-12th gen gaming ATX boards.

GPU: gpus will be much more efficient at transcoding than an igpu, especially from older intel CPUs. A 1050, 2060, 3050, basically anything from the 10-series onward has a decent nvenc encoder that would work well with plex/jellyfin. My goto is generally old workstation cards, I use a p620 myself and it handles a single 4k encode job no problem. I’m not sure if they’re viably purchasable anywhere in your area, but I’d definitely look out for a P620, P1000, or T400. Great value in those cards.

Drives/HBA: there are inexpensive LSI HBA cards to expand how many drives you can attach to a system if you need them, all you need is a spare pci-e slot and a place to physically mount the drives. The cheapest way to start here is to look for a motherboard with 4-6 sata slots and use those. Hardware raid is functionally dead these days in the real world, just use zfs or mdadm under linux to create an array with your desired level of resiliency/capacity.

Once you’ve priced out what it would cost to buy all of this new, look for prebuilt gaming PCs and office PCs that might be able to be expanded to fit these requirements. Prices look kind of steep on those markets you listed, but I’m sure something exists if you look hard enough.

Thank you for letting me know what software not to use; good bot

Crossfading and normalization would both independently be dealbreakers for me. I can’t go back

I would be genuinely surprised if fair use draws the line on format-shifted, legally purchased media, at “remote watch-together”, leaving format-shifting and local watch-together in-tact.

If it were up to the studio’s interpretation of the law, you’d need to purchase a license for each person during local watch-together.

agree in principal, but in practice:

1. parents who live across the state

2. plexamp for music

I cut the sleeves off of mine, that was probably my crime. Sleeves are like pants; the fewer you wear the better your day is.

Vscodium has been a very usable replacement for me. You lose some of the ms first party plugins (ssh being the most notable) but largely it just works otherwise.

I use ansible on one of my side projects; I use puppet at work. It’s the same reason I use raw docker and not rancher+rke2… it’s not about learning the abstractions; it’s about learning the fundamentals. If I wanted a simple abstraction I’d have deployed truenas and Linuxsserver containers instead of Taco Bell programming everything myself.

Sure. I have an r630 that is configured as an NFS server and a docker host called vacuum. There is a script called install_vacuum.sh that with a single command, can build the server to my spec from a base install of Ubuntu 24.04. it has functions to install base packages from repositories, add new repositories, set up users, create config files for NFS, smb, fstab, crontab, etc… once an NFS server exists on my network, any other server could be my docker host. My docker host is set up from a script install_containers.sh. as with before, it does all the things to get me a basic docker host, firewalled, and configured for persistence via my NFS server. It also has functions to create and start docker containers for all of my workflows (Plex, webserver, CA, etc), and if those containers don’t exist, it will build a docker image for said workflow based on a standardized format (you guessed it) bash build script for the containers. There is automation via cron on whatever host runs docker to build and update the containers once a week, bare-metal servers update themselves nightly, rebooting when necessary via unattended-upgrades.

Basically, you break everything down into the simplest function possible, have everything defined via variables in shared configurations that everything sources before running, and you have higher and higher level functions call other functions until you have a single function that cascades into a functioning system. Does that make sense?

Have you started collecting your notes into scripts?

Not sure if many people do what I do, but instead of taking notes I make commented functions in bash. My philosophy is: If I can’t automate it; I don’t understand it. After a while you build enough automation to build your workstations, your servers, all of your vms and containers, your workflows, etc, and can automate duplicating / redeploying them whenever required. One tarball and like 6 commands and I can build my entire home + homelab.

A computer scientist, presumably.

Nothing beats the bang/buck ratio of used enterprise hardware (always buy new drives though if you care about the data)

https://www.theserverstore.com/ https://www.serversupply.com/ https://www.servermonkey.com/

I’ve bought from all of these in the past, personally I’m a fan of dells but there are arguments for just about any of the major 3 (dell, hp, sueprmicro)

Personally my main server right now is an r630. 96 threads, 768gb of ram. With that many memory channels, not only can you run all of what you listed, you can even do medium-sized inferencing/diffusion if you’re interested in that sort of thing.

the best way to learn is by doing!

I just built my own automation around their official documentation; it’s fantastic.

https://www.wireguard.com/#conceptual-overview

https://www.wireguard.com/install/

https://www.wireguard.com/quickstart/

vyatta and vyatta-based (edgerouter, etc) I would say are good enough for the average consumer. If we’re deep enough in the weeds to be arguing the pros and cons of wireguard raw vs talescale; I think we’re certainly passed accepting a budget consumer router as acceptably meeting these and other needs.

Also you don’t need port forwarding and ddns for internal routing. My phone and laptop both have automation in place for switching wireguard profiles based on network SSID. At home, all traffic is routed locally; outside of my network everything goes through ddns/port forwarding.

If you’re really paranoid about it, you could always skip the port-forward route, and set up a wireguard-based mesh yourself using an external vps as a relay. That way you don’t have to open anything directly, and internal traffic still routes when you don’t have an internet connection at home. It’s basically what talescale is, except in this case you control the keys and have better insight into who is using them, and you reverse the authentication paradigm from external to internal.

Talescale proper gives you an external dependency (and a lot of security risk), but the underlying technology (wireguard) does not have the same limitation. You should just deploy wireguard yourself; it’s not as scary as it sounds.

Fail2ban and containers can be tricky, because under the hood, you’ll often have container policies automatically inserting themselves above host policies in iptables. The docker documentation has a good write-up on how to solve it for their implementation

https://docs.docker.com/engine/network/packet-filtering-firewalls/

For your usecase specifically: If you’re using VMs only, you could run it within any VM that is exposing traffic, but for containers you’ll have to run fail2ban on the host itself. I’m not sure how LXC handles this, but I assume it’s probably similar to docker.

The simplest solution would be to just put something between your hypervisor and the Internet physically (a raspberry-pi-based firewall, etc)

+1 for cmk. Been using it at work for an entire data center + thousands of endpoints and I also use it for my 3 server homelab. It scales beautifully at any size.