Also worth noting that pfsense was ready and intending to knowingly ship a broken and insecure wireguard integration
Yup that’s exactly correct. I will say one of the benefits of the AC Infinity is the alarm. If the temp gets too high it beeps to let you know.
https://acinfinity.com/closet-room-fan-systems/
They have a lot of products, including other fans and thermostats. I’ve had their media cabinet fans running 24/7 for 4-5 years now with no problems. Highly recommend it.
Otherwise you could use something like this and a standard 12v power adapter https://www.tindie.com/products/mmm999/dc-12v-four-wire-thermostat-pwm-pc-cpu-fan/
You’ve gotten a lot of good answers, so I’m going to do some out of the box thinking - maybe it will spark a few ideas.
Goal:
Issues:
So if I were going to do this myself, I’d start with a pelican or other similar watertight container. We don’t want the equipment getting wet, and we don’t want it exposed to the salty air.
I’d probably pick a usff computer, like a Dell 9020 or maybe a Framework motherboard. To get the storage, I’d get one of these to add multiple SATA ports to the computer. Then it’s a matter of getting a bunch of SSDs and powering them. I think the 12v goal is going to be too restrictive, most laptops need 19v to charge, so I’d just bite the bullet and get an inverter. If you’re really tight on power you could go with a Pi, but the Framework motherboard/usff both use mobile processors, and shouldn’t draw too much while idle.
Any wires that pass through to the case should be made through waterproof bulkheads.
Personally I’d nix the HDMI out requirement. One more port to keep track of and it complicates the self hosting. If you want it for media streaming to a TV then I’d recommend a roku and just run a jellyfin server on the computer. If you want it for server debugging I wouldn’t bother running it out of the case.
The last thing I’d do is figure out cooling. For this I’d probably create some sort of closed loop heat exchanger from the case to either the outside air or the lake/ocean itself. This could be as simple as a pump running water through two radiators, one in the case and the other outside or just dumped overboard. If you know your power usage ahead of time you might be able to get away with a peltier element, dumping the heat outside the case.
I’d probably put this all on its own power system, get a solar panel, battery, inverter, etc. It could even get topped off by the boat’s system if it needs extra juice.
Also whatever you do, I’d figure out a way to ensure you’re giving your system a clean and steady 12v.
“The cause is a new SATA specification which includes the ability to disable power to the hard disk. When you look at the SATA power connection on the back of your hard drive, there are 15 pins that make contact with your power supply. It’s the third pin that delivers a 3.3V signal that disables the drive. What we need to do is prevent that third pin from making contact with the power cable.”
Some hotswap harddrive bays use this feature, definitely more common in enterprise scenarios or in USB HDD enclosures.
I’ve always liked the ultrastar line. Used to be made by HGST and then WD bought them. I’m using specifically the HC530 14tb. The line has a long history of being very reliable enterprise drives.
I’ve bought mine from both goharddrive and serverpartsdeals. Both are reliable resellers of used storage. They’ll warranty the drives for 2 or 5 years depending on which you go with. Prices are ~$130-$150.
Be aware you might need to do the electrical tape over some of the power pins hacks depending on your setup.
PS. One of the listings for the HC530 on goharddrive or serverpartdeals is incorrectly labeled as HC520. Just pay close attention.
As far as raid goes, Raid 10 is currently very popular for its speed and drive failure tolerance. Remember, raid is not a replacement for the 3-2-1 backup rule. Raid has some fault tolerances for bad hard drives, but doesn’t protect against a failed raid card, fire, flood, robber, acts of god, etc.
You can also look into ZFS and TrueNAS if you feel inclined. Be aware that if you go with this setup, ECC RAM is basically a requirement.
Migadu micro tier is $19/year. Great service and has a great privacy policy. Basically unlimited domains. I’ve been very happy with them.
Ah ok. I’ve done opnsense and pfsense both virtualized in proxmox and on bare metal. I’ve done the setup both at two work places now and at home. I vastly prefer bare metal. Managing it in a VM is a pain. The NIC pass-through is fine, but it complicates configuration and troubleshooting. If you’re not getting the speeds you want then there’s now two systems to troubleshoot instead of one. Additionally, now you need to worry about keeping your hypervisor up and running in addition to the firewall. This makes updates and other maintenance more difficult. Hypervisors do provide snapshots, but opnsense is easy enough to back up that it’s not really a compelling argument.
My two cents is get the right equipment for the firewall and run bare metal. Having more CPU is great if you want to do intrusion detection, DNS filtering, VPNs, etc. on the firewall. Don’t feel like you need to hypervisor everything.
So you’re planning to reuse the same hardware that the firewall is running on now, by installing a hypervisor and then only running opnsense in that?
Did you expose your router login page to the open internet? How’d they get access? Why are you chmoding anything to be 777?
They are decommissioned datacenter drives, this could be for a variety of reasons (including errors). There are many discussions online about them wiping SMART data.
It depends on your use case, I have a few of their drives in a NAS specifically for media. I received one bad drive that failed my burn-in tests, which they exchanged without issue. All of my important files are stored on a separate SSD-based store.
All depends on your risk tolerance and needs.
Serverpartdeals is good. https://www.goharddrive.com/ is another option. Generally slightly more expensive than serverpartdeals, but with better warranty. Both are reputable options.
Have you considered making your own firewall running opnsense? You could toss in a 10G NIC or two.
Something I’ve been wanting to work on is a TUI wizard for configuring software.
The thought is most Linux server programs use various config files, and in order to configure them correctly it generally takes a few minutes to a few hours to read through their documentation. But a lot of the configuration boils down to passwords/keys, file paths, network locations, a few different booleans, etc.
So the general idea is, for a program, the developer or the community can provide a config file telling the TUI wizard what arguments the config file needs, and this one program can walk the end user through setup and generate the config files. This would reduce the amount of time hunting through documentation and reduce bugs due to typos or invalid choices.
It could go a step further and auto-generate keys or passwords if needed, and validate entries (i.e. if the config needs an IP it could make sure it’s valid, etc.).
Maybe you’d be interested in https://wazuh.com/
Proxmox has a virtual monitor in its web interface, so you can access the desktop of a virtual machine that way. It’s a little clunky but works ok for quick configuration. Alternately you could remote desktop into the virtual machine.
Quicksync is a little more tricky. GPU pass through is a pain, and I’m not sure off the top of my head about that. You can Google “proxmox quicksync passthrough” and see if any solutions will work for you. There’s a chance that all you would need to do is set the processor type correctly in the virtual machine settings, but I’m not sure.
Have you considered replacing the OS with proxmox and running everything in virtual machines?
What no one else has touched on is the protocol used for network drives interferes with databases. Protocols like SMB lock files during read/write so other clients on the network can’t corrupt the file by interacting with it at the same time.
It is bad practice to put the Docker files on a NAS because it’s slower, and the protocol used can and will lead to Docker issues.
That’s not to say that no files can be remote, jellyfin’s media library obviously supports connecting to network drives, but the docker volume and other config files need to be on the local machine.
Data centers get around this by:
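The locking problem described in the comment above is easiest to catch before a container ever starts: check which filesystem each Docker volume path actually sits on. The script below is an added example, not code from the original comment or from Docker; it parses /proc/mounts-style text (a constructed sample is embedded) and flags paths on network filesystems such as cifs or nfs, where an app's SQLite config database should not live.

```python
# Added example (not from the original comment): flag Docker volume paths that
# live on a network filesystem, where SMB/NFS locking semantics can corrupt the
# SQLite databases apps such as Jellyfin keep in their config volume.
import os

# Filesystem types served over the network; constructed list, extend as needed.
NETWORK_FS = {"cifs", "smb3", "nfs", "nfs4", "fuse.sshfs", "fuse.rclone"}

# Constructed /proc/mounts sample: a local root, an SMB share, an NFS export
# whose mount point contains a space (escaped as \040, as the kernel does).
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
//nas.local/media /mnt/nas cifs rw,vers=3.0 0 0
nas.local:/export/backup /mnt/backup\\040old nfs4 rw 0 0
"""

def parse_mounts(mounts_text):
    """Parse /proc/mounts-style text into (mount_point, fstype) pairs."""
    entries = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mount_point = fields[1].encode().decode("unicode_escape")  # \040 -> ' '
        entries.append((mount_point, fields[2]))
    return entries

def mount_for(path, entries):
    """Return (mount_point, fstype) of the longest mount point that contains path."""
    path = os.path.normpath(path)
    best = None
    for mount_point, fstype in entries:
        mp = os.path.normpath(mount_point)
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) > len(best[0]):
                best = (mp, fstype)
    return best

def check_volume(path, entries):
    """Return (fstype, is_network) for the filesystem holding path."""
    found = mount_for(path, entries)
    return (None, False) if found is None else (found[1], found[1] in NETWORK_FS)

def audit(paths, mounts_text=None):
    """Map each path to (fstype, is_network); reads the live /proc/mounts if no text is given."""
    if mounts_text is None:
        with open("/proc/mounts") as f:
            mounts_text = f.read()
    entries = parse_mounts(mounts_text)
    return {p: check_volume(p, entries) for p in paths}
```

Run `audit(["/var/lib/docker/volumes/jellyfin", "/mnt/nas/docker/jellyfin"])` on a real host to read the live mount table; anything reported as a network filesystem belongs on local disk, with only the media library left on the share.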
My advice is to buy a new SSD and clone the existing one over. They’re dirt cheap and you’re going to save yourself a lot of headache.
I definitely recommend you do your own research into this. Brute forcing SSH keys should be practically impossible. Is it necessary to install fail2ban with password login disabled? Not sure, I’m of the opinion that it won’t hurt, just one more line of defense. It’s pretty easy to set up.
Seems like Nextcloud is the weak link, can you access them another way? Through a network share?