
r0ckr

r0ckr@lemmy.world

Can you backup directly to backblaze? Bypassing the 1TB drive?


Ha, same here. HAProxy plugin running on my opnSense. I should probably try caddy because HAProxy is complete overkill for my requirements.


Very good, that makes things much easier. Has been a while since I used pihole but when I did I used pihole to serve the internal IPs.


The tips are maybe one or two millimeters away from the side panel. So it does fit, but just barely. Playing D4 results in temps of 70-80°C, which is absolutely acceptable to me.

The only issue I ran into was enabling DOCP on the RAM. I did not inform myself about RAM speeds and AMD processors beforehand and thus needed to CMOS reset after the system stopped booting 🙃


Looking good! I didn’t know that Noctua still made top-down-coolers of that size.


Try running this command on your target system:

cat $HOME/.ssh/authorized_keys

Does the private key part of your key pair show up in the list?


This is the perfect opportunity to set up a pihole. Its primary purpose is to block ads network-wide, but since it is essentially a DNS with a block list you can also set custom DNS entries.


There seems to be a bit of a misunderstanding of what a reverse proxy does.

The proxy should accept requests on port 80 and 443 and on the basis of the requested website route you to the correct address:

  1. Request for jellyfin.mydomain.com comes in
  2. Reverse proxy checks where it should reroute it -> host.of.jellyfin:8443

So your client thinks it's talking to your jellyfin-instance over port 443 but in actuality your proxy reroutes the traffic to wherever your jellyfin needs it to arrive.

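Added example, not part of the comment above: a minimal Python sketch of the routing decision that comment describes, where the proxy reads the Host header and picks a backend. It goes slightly further than the comment by refusing unknown or duplicated Host headers instead of forwarding them; the second hostname, its upstream and the function names are constructed for illustration.

```python
# Added illustration of host-based routing in a reverse proxy.
# jellyfin.mydomain.com -> host.of.jellyfin:8443 is the mapping from the comment;
# the second entry is a constructed sample value.
ROUTES = {
    "jellyfin.mydomain.com": ("host.of.jellyfin", 8443),
    "paperless.mydomain.com": ("host.of.paperless", 8000),  # hypothetical
}


def normalize_host(header_value):
    """Lower-case the Host value and drop an optional port and trailing dot."""
    host = header_value.strip().lower()
    if not host or host.startswith("["):
        # Empty value or IPv6 literal: not a configured site name in this sketch.
        return None
    host = host.split(":", 1)[0].rstrip(".")
    return host or None


def route(request_head_lines, routes=ROUTES):
    """Decide what to do with a request, given its raw head lines.

    Returns ("forward", (backend_host, backend_port)) or ("reject", reason).
    """
    # Collect every Host header; the first line is the request line, skip it.
    hosts = [
        line.split(":", 1)[1]
        for line in request_head_lines[1:]
        if line.lower().startswith("host:")
    ]
    if len(hosts) != 1:
        # Missing or duplicated Host headers are ambiguous, so do not guess.
        return ("reject", "bad Host header")
    host = normalize_host(hosts[0])
    upstream = routes.get(host)
    if upstream is None:
        # Default deny: names that are not configured never reach a backend.
        return ("reject", "unknown host")
    return ("forward", upstream)


if __name__ == "__main__":
    # Constructed sample request: the client connects to the proxy on 443.
    print(route(["GET / HTTP/1.1", "Host: jellyfin.mydomain.com"]))
    print(route(["GET / HTTP/1.1", "Host: not-configured.example"]))
```
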

No problem, happy to help. Since I am not sure about your knowledge-level I will start from the basics, namely your ISP router.

It is in fact several devices in one:

  1. A modem: The Modulator / Demodulator converts the signal from whatever standard they use on the cable net (likely some version of DOCSIS) into something the rest of your network can understand.

  2. A router: This routes network packets between different networks. In your case that would be your internal network (probably 192.168.X.X) and the internet. Every time different networks need to talk to each other a router will be needed between them. It also does NAT which is explained well here.

  3. A firewall: While a router can guide a packet to where it needs to go, it can not decide whether it is welcome there. A firewall can check packets according to various configured criteria and decide to pass or block it. Very helpful to keep the FSB out of your porn collection.

  4. A switch: Functions as a sort of central interconnect between wired devices. Much like an old telephone exchange where ladies would literally connect plugs with wires to create a direct connection between callers. The one in your ISP provided device is likely an “L2 dumb switch” <- more on this later.

  5. A wifi access point: Very simplified basically a switch that works with radio waves instead of physical wires. Again, very simplified.

This is all very nice and comfortable for your basic home user. But it also greatly limits your options if you want to do something different than whatever the manufacturer of your ISP-device deems fitting. The most common option to circumvent this is to separate the functions out into their own devices, using software and hardware that you have much more control over. Businesses do the same, depending on their size and requirements. It is therefore also good practice for a future career in system administration and networking.

In your case I would recommend the following:

  1. Check if your ISP-device allows you to set it in passthrough mode. This switches functions 2-5 off and turns it into a pure Modem and nothing else. DOCSIS comes in from the cable net, good old standard TCP/IP (among other things) comes out of the other. This is where you plug in device number 2/3.

  2/3. Here is where opnSense comes in. It is a combined router AND firewall. This specific combination of functions is what most small and medium businesses use. Very large organisations may further separate out routing and firewalling into dedicated devices. But that is Facebook / Google / Microsoft level stuff. You connect the modem into the WAN-port of opnSense and device number 4 into the LAN-port. opnSense sits in the middle.

  4. Get yourself a separate switch with as many ports as you need. Make sure that it supports the following functions: LACP (also known as IEEE 802.3ad), 802.1x and L2 VLAN (also known as IEEE 802.1q). POE might be useful as well, to supply some devices with power directly over the network. These weird words will become relevant later if you choose to go deeper into this rabbit hole. You won’t need them in the beginning but this way you are ready to really get into the deeper stuff.

  5. Add in an access point to cover all your wifi needs. Make sure that it is an access point, not a wifi router. Some routers can be set to access point mode but that's just a waste of capabilities. The access point basically converts wired signals into radio. I recommend ubiquiti for this.

But for your next step you should start researching the five different functions I outlined in my first list. If I’m not sure about something (happens quite often ;-)) I literally type “whatever for dummies” into google and start reading. Don’t be embarrassed to start at the bottom, we all came from there in the beginning. There are also some good youtube channels that might help. Once you are somewhat confident that you at least generally know what those magic five do you can start with the second list.

Feel free to ask further questions but it’s night time in my time zone so answers will take a while. Good luck and above all: Have fun. This is a fascinating topic and you can spend years exploring it.


AMD EPYC 7B12 / 256GB RAM / Supermicro H12SSL-i / 4x2TB Samsung 980 Pro in ZFS RAIDZ-10

Total overkill for what is currently running on it. But who knows what the future brings.

Current:

Docker-based

  • Portainer
  • SabNZBD
  • Radarr
  • Sonarr
  • Prowlarr
  • Gotify
  • Jellyfin
  • Bitwarden
  • Paperless NGX
  • Watchtower

As a VM in Proxmox VE

  • KASM workspaces because it’s really cool
  • Random Windows 11 VM attached to KASM for some remote work
  • Random Windows Server 2022 to play around with

As an LXC in Proxmox VE

  • Ubuntu-based SSH jump-host
  • Ubuntu-based Unifi-controller
  • Ubuntu-based crowdsec concentrator