Posts: 14 | Comments: 80 | Joined: 3 yr. ago

  • Thank you so much for your kind words, very encouraging. I like to do some research alongside my tinkering, and I like to challenge myself. I don't even work in the field, but I find it fascinating.

    The ZTA is/was basically what I was aiming for. With all those replies, I'm not so sure if it is really needed. I have a NAS with my private files, a Nextcloud with the same. The only really critical thing will be my Vaultwarden instance, to which I want to migrate from my current KeePass setup. And this got me thinking on how to secure things properly.

    I mostly found it easy to learn things when it comes to networking, if I disable all traffic and then watch the OPNsense logs. Oh, my PC uses this and this port to print on this interface. Cool, I'll add that. My server needs access to the SMB port on my NAS, added. I followed this logic through, which in total got me around 25-30 firewall rules making heavy use of aliases and a handful of floating rules.

    My goal is to have the control for my networking on my OPNsense box. There, I can easily log in, watch the live log and figure out what to allow and what not. And it's damn satisfying to see things being blocked. No more unknown probes on my Nextcloud instance (or much reduced).

    The question I still haven't answered to my satisfaction is whether I build a strict ZTA or fall back to a more relaxed approach like you outlined with your VMs. You seem knowledgeable. What would you do for a basic homelab setup (Nextcloud, Jellyfin, Vaultwarden and such)?

  • This sounds promising. If I understand correctly, you have a ton of networks declared in your proxy, each for one service. So if I have Traefik as my proxy, I'd create traefik-nextcloud, traefik-jellyfin, traefik-portainer as my networks, make them externally available and assign each service their respective network. Did I get that right?

  • Thanks for your input. Am I understanding right that all devices in one VLAN can communicate with each other without going through a firewall? Is that best practice? I've read so many different opinions that it's hard to see.

  • Never mind, I am an idiot. Your comment gave me thought and so I checked my testing procedure again. Turns out that, completely by accident, every time I copied files to the LVM-based NAS, I used the SSD on my PC as the source. In contrast, every time I copied to the ZFS-based NAS, I used my hard drive as the source. I did that about 10 times. Everything is fine now. THANKS!

  • Both machines are easily capable of reaching around 2.2Gbps. I can't reach full 2.5Gbps speed even with iperf. I tried some tuning but that didn't help, so it's fine for now. I used iperf3 -c xxx.xxx.xxx.xxx, nothing else.

    The slowdown MUST be related to ZFS, since LVM as a storage base can reach the "full" 2.2Gbps when used as an SMB share.

  • It's videos, pictures, music and other data as well. I'll try playing around with compression today, see if disabling helps at all. The CPU has 8C/16T and the container 2C/4T.

  • The disk is owned by the PVE host and then given to the container (not a VM) as a mount point. I could use PCIe passthrough, sure, but using a container seems to be the more efficient way.

  • I meant megabyte (I hope that's correct, I always mix them up). I transferred large video files, both when the file system was ZFS or LVM, yet got different transfer speeds. The files were between 500 MB and 1.5 GB in size.

  • I don't think it's the CPU as I am able to reach max speed, just not using ZFS...

  • Good point. I used fio with different block sizes:

    fio --ioengine=libaio --direct=1 --sync=1 --rw=read --bs=4K --numjobs=1 --iodepth=1 --runtime=60 --time_based --name seq_read --filename=/dev/sda

    4K = IOPS=41.7k, BW=163MiB/s (171MB/s)
    8K = IOPS=31.1k, BW=243MiB/s (254MB/s)
    IOPS=13.2k, BW=411MiB/s (431MB/s)
    512K = IOPS=809, BW=405MiB/s (424MB/s)
    1M = IOPS=454, BW=455MiB/s (477MB/s)

    I'm gonna be honest though, I have no idea what to make of these values. Seemingly, the drive is capable of maxing out my network. The CPU shouldn't be the problem, it's an i7 10700.

  • Tubearchivist works well for me and integrates with jellyfin.

  • Tubearchivist works great for me. Downloader, database and player, all in one. Even integration with jellyfin is possible, not sure about plex though.

  • Ah, thank you for clearing that up, much appreciated!

  • That makes sense, especially when the drives are equally old. Thanks for explaining it!

  • I'm curious. Where is the problem with small drives for RAID5? Too many writes for such a small drive?

  • That sounds very interesting and I'll definitely look into it. Thank you!

  • It's good to know that it works. I will probably play around for a bit once I get my hardware. Thanks for letting me know!

  • That's also something I was considering briefly. While I'm waiting for hardware, I did basically that or at least I think I did. Although, I didn't use a bind mount, because I only have one drive for testing, so I created a virtual disk.

    What exactly do you mean with bind mount? Mount the data set into the container? I didn't even know that this was possible. And what is a data set? Sorry, I'm quite new to all this. Thanks!

  • I did that when I started working with Linux. I thought / meant the current directory, boy was I wrong!