kumi

This community is funny.

From what I can tell this is is basically the spiritual evolition of Bazzite, by the same team and built with a similar approach. Yet look at how differently they are received.

Brand identity memes are truly impactful these days. Names and presentation seem to drive majority sentiment.

Filling some gaps:

systemctl enable --now firewalld unattended-upgrades  

Read through /etc/firewall/firewalld.conf, especially the part about how containers might bypass your firewall if you don't change defaults.

Also rootless podman should run well out of the box as a mostly drop-in replacement for docker (meanwhile docker also does rootless now) and allows you to run the container runtime unprivileged. This is more secure than adding user to docker (effectively root) group. Setting up autostart by writing systemd .service unit files works the same for both Docker and Podman.

Remember Serverless? Servers all the way down.

INTERMEDIARY BUILD LAYERS WERE NOT SUPPOSED TO BE GIVEN NAMES

DAYS OF REBASING yet NO REAL WORLD USE FOUND for building on anything above fedora:atomic

Wanted to base your image on someone elses anyway to save some work? We had a tool for that, it was called "FORKING"

"Distroless is built on GNOME OS" "error: /Tree contains both /etc and /usr/etc" - Statements dreamed up by the utterly Deranged.

LOOK at what Devs have been demanding your Respect for all this time, with all the servers and window managers we built for them (This is REAL software, done by REAL devs)

https://github.com/ublue-os/bazzite-firmware-nonfree/commits/bf835aec77e3af803acceffb789f8fb076fd779c/

https://github.com/ublue-os/akmods/commit/70af39999c681566bd1c66f23834daa37b996aaa

https://github.com/ublue-os/main/pull/771

"Hello I would like 1.8 pixels please"

They have played us for absolute fools.

Had a fun one when I put an 8x card forking into two nvme drives in a mobo that I thought compatible. No matter what, only one of them connects. Turned out:

• The 8x slot didn't bifurcate at all
• The secondary 16x slot could do up to 8x4x4. Which is the same as no bifurcation for an 8x card in that slot.
• GPU only works in the primary slot

You think you think of everything...

I have a few different makes of these and have been surprised by how big PSU I had to put (versus on-the-wall measured wattage) for them to not occasionally randomly fail and cutting a drive off until reboot. I guess it's spikes they don't handle well. Besides that, the cards themselves obviously add some overhead in that department. Something to consider if low-power is a priority.

There has also been one or two drives that just wouldn't work at all with either card, but were fine in individual slots. Vaguely suspecting drive firmware there.

They do serve their purpose well but just to add some catches for anyone eyeing them. Startech is the brand I had the least glitches with FWIW but keep in mind that's just one anecdote.

Also ask yourself if you really need PCIe4 because the PCIe3 models are quite a bit cheaper, cooler and more stable.

Oh, and make sure your motherboard supports PCIe bifurcation. Especially for older computers that's not always a given.

I repeat myself but check out Odroid H4+.

4 SATA ports and if you split one m2 port you can also put 3 pcie3 nvme (you could split one port up to 4 but just one lane per drive is bit sad).

Same idea as the rotating miniPCs on Ali except you actually have a shot at BIOS upgrades and not as dodgy supply chain.

https://www.hardkernel.com/shop/odroid-h4-plus/

If you put BIOS in power efficiency mode it can run fanless as long as the ambient temperature isn't balming.

If it's really just for NAS this is still more than you really need. You could get away a lot cheaper and leaner with something like the ARM-based HC4.

https://www.hardkernel.com/shop/odroid-hc4/

Or check out Jeff Geerlings PiNAS shenanigans.

The Beelink looks all right. Personally I prefer the flexibility of non-soldered RAM but I guess it's mainly a question of how much of an out-of-box experience you are looking for.

Seeed Studio reServer is also nice, though that's on the beefier and pricier side.

https://www.seeedstudio.com/reServer-Compact-Edge-Server-powered-by-11th-Gen-Intelr-Coretm-i3-1115G4-p-5087.html

Odroid H4+ (Intel N97 4c; comparable to the CPU of that Protectli) and H4 Ultra (Intel N300 8c) also worth considering. Versatile units from a small established Korean maker.

https://www.hardkernel.com/shop/odroid-h4-plus/

https://www.hardkernel.com/shop/odroid-h4-plus/

https://www.hardkernel.com/shop/h3-h2-net-card-2/

If you plan on virtualizing or running a bunch of containers on it I think it's worth looking at the higher-core models and more RAM. If it's just for OPNSense, such 4c with 8G should be plenty.

Also, if you can afford, I strongly suggest getting two of whatever you go for and not doing anything important with the secondary. It really sucks if you have some unexpected issue (hardware failures and OS regressions can happen to anything) and don't have anything on hand to replace your main router with. Since you'll be labbing it can also be very freeing to have a testing/dev/staging/playground/debugging device with the same hardware and messing around won't take down your production network. IMO this is higher priority than higher specs if you have to do tradeoffs.

USB enclosures tend to be less reliable compared to SATA in general but I think that is just FUD. It's not like that's particularly bad for software RAID compared to running with the enclosure without any RAID.

The main argument for not doing that is I believe mechanical: Having more moving parts mean things might, well, move, unseating cables and leading to janky connections and possibly resulting failure.

You will kill your USB controller, and/or the IO boards in the enclosures

wat.jpeg

Source: 10+ years of ZFS and mdadm RAID on USB-SATA adapters of varying dodginess in harsh environments. Of course errors happen (99% it's either a jiggly cable, buggy firmware/driver, or your normal drive failure) but nothing close to what you speak of.

Your hardware is not going to become damaged from doing software RAID over USB.

That aside, the whole project of buying new 4TB HDDs for a laptop today just seems misguided. I know times are tight but JFC why not get either SSDs or bigger drives instead, or if nothing else at least a proper enclosure.

If you consider ZFS and don't mind having the machine offline for a day or two you could fill it up with real (backups!) or a bunch of representative fake data and run some tests/benchmarks before you fully commit. It depends a lot on how the data is structured and what you're running on it and it's possible it will run fine.

On nginx, most of the upstream work on new features is in Nginx Plus, not benefitting free nginx. Several nginx devs have been disagreeing with the way this has been done and the way the project is being managed and left to work on forks. People who agree with the OP sentiment should look into freenginx and angie.

https://www.phoronix.com/news/Nginx-Forked-To-Freenginx

https://mailman.nginx.org/pipermail/nginx-devel/2024-February/K5IC6VYO2PB7N4HRP2FUQIBIBCGP4WAU.html

https://en.angie.software/angie/docs/

http://freenginx.org/

Yo momma still ugly today, FishFace.

The OP is about hosting forwarding or recursive DNS for lookups, not authoritatative DNS hosting (which would be yet at least one separate server).

I count two servers (one clusterable for HA). How is that a lot for a small LAN?

More would also be normal for serving one domain internally and publicly. Each of these can be separate:

• Internal authoriative for internal domain
• Internal resolvers for internal machines
• Internal source-of-truth for serving your zone publicly (may or may not be an actual DNS server)
• Public-facing authoritative for your zone serving the above
• Secondary for the above
• Recursing resolver of external domains for internal use

Some people then add another forwarding resolver like dnsmasq on each server.