NFS over WireGuard is probably going to be the best when it comes to encrypted file shares without the need to set up Kerberos. Just set up the WireGuard tunnel and export over those IPs.
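A check for the NFS-over-WireGuard suggestion above, as an added example that is not part of the original comment: it audits `/etc/exports` text and reports every export whose client is not an address inside the tunnel subnet, since such an export would also be served unencrypted on the LAN. The subnet `10.8.0.0/24`, the paths and the sample file are constructed assumptions.

```python
import ipaddress
import re

# Assumed WireGuard tunnel subnet (not from the original comment).
TUNNEL_NET = ipaddress.ip_network("10.8.0.0/24")

# Constructed sample /etc/exports content.
SAMPLE_EXPORTS = """\
# media share, tunnel peers only
/srv/media   10.8.0.2(ro,sync) 10.8.0.3(rw,sync)
/srv/backup  10.8.0.0/24(rw,sync) 192.168.1.0/24(rw,sync)
/srv/public  *(ro)
/srv/misc    nas-client.lan(rw) (ro)
"""

# A client spec is "client(options)"; either part may be missing.
CLIENT_RE = re.compile(r"^([^()]*)(?:\((.*)\))?$")

def audit_exports(text, tunnel_net=TUNNEL_NET):
    """Return (path, client, reason) for each export reachable outside the tunnel."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        if not clients:
            findings.append((path, "", "no client list: exported to everyone"))
        for spec in clients:
            m = CLIENT_RE.match(spec)
            if m is None:
                findings.append((path, spec, "malformed client spec"))
                continue
            client = m.group(1)
            if client in ("", "*"):
                findings.append((path, client or "(anonymous)", "wildcard client"))
                continue
            try:
                net = ipaddress.ip_network(client, strict=False)
            except ValueError:
                findings.append((path, client, "hostname, not a tunnel address"))
                continue
            # Compare versions first: subnet_of() raises on mixed IPv4/IPv6.
            if net.version != tunnel_net.version or not net.subnet_of(tunnel_net):
                findings.append((path, client, f"outside {tunnel_net}"))
    return findings

if __name__ == "__main__":
    for path, client, reason in audit_exports(SAMPLE_EXPORTS):
        print(f"{path}: {client}: {reason}")
```

Restricting the export list is only half of it; the NFS port should also be firewalled on the non-tunnel interfaces so that source addresses cannot be spoofed from the LAN.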
It does have quite a bit of overhead, meaning it’s not the fastest out there, but as long as it’s fast enough to serve the media you need, that shouldn’t matter.
Also, you need to either mount it manually on the command line whenever you need it or be comfortable with leaving your SSH private key in your media server unencrypted. Since you are already concerned with needing to encrypt file share access even in the local network, the latter might not be a good option for you.
The good part about it is, as long as you can ssh from your media server to your NAS, this should just work with no additional setup needed.
I will keep the magnets if I ever get into this in the future, but not the platters. I’ll just safely destroy them and dispose of them.
So far I only had 3 laptops and no desktops. I had 0 HDD failures, since I only ever had 3 of them so far.
The oldest one is a more than 17-year-old 80GB 2.5" Fujitsu HDD.
Back in the day, I’d go through HDDs faster than systems - always needed to add storage before I could replace the CPU. I didn’t start disassembling them until they got up to the 500 _M_B range, but you’d often get 3 platters back then. OP must be harvesting from a whole workgroup - I’ve only got a 3cm stack and 7 drives waiting for the screwdriver.
Return for refund or replacement. If you’re even slightly concerned about WD giving you trouble, but know eBay/the seller won’t, just go that path since it’s still available.
Yeah I’m guessing this is the easiest option to just get my money back. Appreciate it and I’ll update the post with what I go with. I already have another drive that I tested and works so I’m not desperate for now.
A lot of people, myself included, got pissed off at the Pi Foundation during the chip shortage for exclusively shipping boards to business customers who vacuumed up every single one of them faster than any consumer could. You couldn’t shake a stick at any Pi for less than 3x MSRP from scalpers, which at that point, you’re literally better off grabbing a NUC. They showed their true colors and it left a bad taste in all our mouths, and I will never be buying another Pi.
Really the ARM hate just comes down to ecosystem support. A lot of the SBCs from other Chinese suppliers have mid kernel/OS level support at best, and a limited range of compiled software. For a lot of purposes, going x86 simplifies setup and opens up the software realm so, so much.
If you’ve an OpenWRT compatible router why are you thinking about pfSense? There isn’t much to gain there, your OpenWRT will do NAT and also has a firewall.
I like this device since 3 ports would allow me to create a physically separate DMZ
OpenWRT can do this as well. What are your plans with the DMZ tho?
Be careful with the use of the acronym DMZ, as in the context of typical routers and ISPs it has a different meaning from what you’re implying here. DMZ usually is used in the context of a single host that is “outside” the ISP router’s firewall, and all requests coming into the ISP router will be forwarded to that device.
With my current diagram, it seems like it is not possible for the NAS to receive updates from the internet.
Your NAS will never “receive updates”, it will ask for updates. Maybe add a firewall rule that allows traffic from the NAS to the internet but not the other way around (this is usually the default state of any router, it will allow local devices to go to the internet but not incoming connections to those devices).
My TrueNAS has 2x2.5Gb ports. Can I connect each NIC to a different network? Would this have any benefit?
You can, but is it really worth it? If someone hacks the device they’ll access the rest of the network. Same applies to your computers and game consoles, they can be used to jump to the other side and vice versa.
Frankly I don’t see the usefulness of your setup as you’ll end up with weak points somewhere. Just get a single OpenWRT router and throw everything into the same network. Apply firewall restrictions as needed.
Logseq is great. It’s still in early development. Only sync is not so great. I use Git and wrote two scripts (pull/push) for Android which I start manually. The desktop application is very powerful and extensible. The app only supports the most common features without any plugin support.
It’s a very different kind of beast, but I’m very much enjoying it so far. Linking things is definitely Joplin’s weak point whereas this is a core strength for logseq.
I often used bullet points in my Joplin notes, so having that as the default works for me too. However, since OP has said they want plain text notes Obsidian seems like a better fit (although Logseq does save pages as text it’s not what it feels like in use).
I also use Logseq and I use SyncThing to sync between devices. I just started a month ago, so I can’t say for sure, but so far it has been pretty great.
with a NAS i tend to go with a commercial product, and only for that purpose. it stores the data, maybe serves it up as file server. that's the NAS' one job.
my processing happens on another box, like your pi. i want the nas focused on its single purpose.
so my suggestion would be to pick up a netgear/synology whatever, but only use it as a nas.
if you want to expand that pi, just use a real machine and upgrade yourself to maybe a nice docker setup.
This is where I landed on this decision. I run a Synology which just does NAS on spinning rust and I don’t mess with it. Since you know rsync this will all be a painless setup apart from the upfront cost. I’d trust any 2 bay Synology less than 10 years old (I think the last two digits in the model number is the year), then if your budget is tight, grab a couple 2nd hand disks from different batches (or three if your budget stretches to it).
I also endorse u/originalucifer’s comment about a real machine. Thin clients like the HP minis or Lenovos are a great step up.