MigratingtoLemmy

Hi everyone,

Was just going through tower server listings on Ebay. I'm seeing my options decrease mainly due to not being able to fit a standard ATX/SFX PSU into some of these systems.

For example:

1. Dell Precision T3600/T3610/T5810/T7820 series: PSU with a short height, seems to have about the length of a standard PSU.
2. Lenovo ThinkStation P520 - although this looks like a TFX PSU from the outside, it's actually a very different way to connect to the components inside.
3. HP Z440: strange size of the PSU. I don't think an ATX PSU can fit in there.

Now, I have failed in trying to find brackets to place normal PSUs in these configurations. The reason why I don't purchase PSUs on Ebay is because I can't exactly be sure if they are used or not, and I prefer purchasing new PSUs.

With that said, for everyone who purchases these tower workstations - how do you replace your PSUs?

Thanks.

I might not deserve to say this, but I really wish Proxmox GmbH maintained an "official" terraform provider instead of relying on the community completely for it, à la Vates (XCP-ng). To be fair, it was the same with VMWare, so I'm not putting the blame on them.

For example, neither one out of the two well known Terraform providers (Telemate and bpg) support the newer SDN capabilities. Now, of course, it's new so I completely understand that it would take time to write code for said functionality. Especially when it's a community effort. It's just that if Proxmox handled it directly I feel like the community would be able to better support them by supplementing features on top of a base that they create instead of going from scratch.

I believe Proxmox has said that Terraform is not their priority, and I understand. It's a bad economy and companies are looking to downsize anyway. With that said, I hope I do get to see this someday.

Speaking of which, which IaC tool do you use for your Proxmox install/cluster?

For context: I want to automatically enable Intel SGX for every VM and LXC in Proxmox, but it doesn't seem like there's a way to do it using APIs AFAIK (so Terraform is out of the question unless I've missed something) other than editing the template for the individual LXC/VM.

I'd like to know if there's a tool that can automate this. I could potentially write a shell script but I'd like to know if there's something that's mature software before I go do this. I have been reading about Packer, Vagrant and cloud-init but I don't think this is something in their scope of usage.

Thanks!

I am going to intentionally exclude Unifi and Mikrotik along with the vendors like Cisco, Juniper, Aruba etc from this discussion as I don't think they are relevant (especially since you can't run them on your hardware).

1. OPNsense: Considered the superior alternative to PFSense. Great firewall, routing capabilities, IDS and certificate authority, advanced features, can be a DNS server etc. Best option all around for x86, but BSD based - take note of available drivers. Don't even think about running random WiFi antennas unless you confirm good support for them (use a distinct WAP).
2. OpenWRT: built for consumer router + switch + WAP boxes on embedded hardware. Great OS and uses very little resources with many features, but doesn't compete in features with OPNsense if you have x86.
3. VyOS: Debian based router + firewall. Linux makes it easier for people to pick up the CLI but I've heard complaints about it being difficult to follow. Currently CLI only, at least without third-party solutions, but is powerful and competes directly with OPNsense for features for the most part. Edit: I made a mistake - LTS versions also have their source available for free, you'd just need to compile it with the instructions on their website. Seems to be stable.
4. Debian + FRRouting + nftables + heavy SELinux for the paranoid/analogous alternatives on OpenBSD (the latter is considered more secure but YMMV, configuration plays a big part here).
5. Freemium: Sophos free version for home use.

Which one of these do you run, and why? What have been your issues with one or the other, and what have you settled on? Any niche customisations that you might have made? I'm very interested to know!

Cheers

Edit: it would seem that OPNsense is a big winner in this space for stability. OpenWRT comes next because of it's very light nature and ability to run on consumer routers.

I'm curious as to why someone would need to do that short of having a bunch of users and a small office at home. Or maybe managing the family's computers is easier that way?

I was considering a domain controller (biased towards linux since most servers/VMs are linux) but right now, for the homelab, it just seems like a shiny new toy to play with rather than something that can make life easier/more secure. There's also the problem of HA and being locked out of your computer if the DC is down.

Tell me why you're running it and the setup you've got that makes having a DC worth it.

Thanks!

As the title says, I want to know the most paranoid security measures you've implemented in your homelab. I can think of SDN solutions with firewalls covering every interface, ACLs, locked-down/hardened OSes etc but not much beyond that. I'm wondering how deep this paranoia can go (and maybe even go down my own route too!).

Thanks!

As most people here might know, Session utilises a TOR-like onion routing system with some changes to route traffic. The username is the public key whilst the password is the private key.

Recently, a new project built on top of this seems to be in the works: https://simplifiedprivacy.com/freespeech/

I'd like to know the community's opinion of session and how much would you trust its technology. Thanks!

Hello everyone, I've been thinking about this for a bit and am looking for opinions/alternatives.

Essentially, I'd like to encrypt my shares (NFS/Samba) on my local network. I'm awake that Kerberos is a good option with NFS, but I was hoping for something simpler. The other idea I have right now is to use stunnel with NFSv3/Samba to encrypt my traffic but I don't know if this is a good idea.

How are you doing it? What do you suggest?

Thanks!

If any of you have been browsing r/privacy lately you would have come across the British student who had the Air-force literally swarm the flight he was on. This is because he made some joke about a bomb sitting in an airport.

Current speculation suggests that Snapchat has a word-filter and could locate the IP as that of an airport, and notified authorities immediately. Another, somewhat less plausible reason posited is that the government holds the private keys for TLS-encrypted traffic for Snapchat and could decrypt and read the message and that's how they knew.

~~For the paranoid people here: the latter claim, even if it is not true, poses great concern to us. If im may be permitted to run with it; It essentially means that using a public CA isn't exactly safe anymore. For all of you homelabbers using Let's Encrypt - think again.~~ Don't listen to me, I don't understand certificates well.

Talking on a tangent: let us consider the position of TOR. It has been said that TOR devs accommodate the government and the government has backdoors built in TOR. And even if they didn't, the technique of owning a majority of instances running TOR nodes will allow them to identify and associate traffic. TOR is not safe if you want to really keep your content private. On a similar vein, I am a bit skeptical of the privacy advantages of using session, but I have yet to read their whitepaper.

I haven't read much about i2p, but I wouldn't be surprised if the government has their paws in there too.

What are you doing to browse and communicate privately today?

Hi community,

I've been looking at the older Lenovo P310/P500/P510 workstations as an alternative to Dell optiplexes on the used market. What I'm worried about is the PSU specifications required for the P500/P510 - do these support TFX PSUs? Can someone confirm?

Thanks!

Hi everyone, I found the great question on booting encrypted drives, and since I'm somewhat paranoid I'd like to ask a follow-up:

When the key to decrypt the drive is input into the system, I'm assuming it stays in the RAM till the time the computer shuts downs. We know that one could, in theory, get a dump of the contents of the RAM in such a state, if done correctly. How would you deal with this problem? Is there some way to insert the USB, decrypt the drive, and then remove the USB and all traces of the key from the system?

Thanks!

Edit: link to the question I referenced: https://feddit.de/post/6735667

I was going through Pine64's page again after I found the latest KDE announcement. With that said, I seem to see a lot of issues with firmware on the Pine, whilst the Librem is just plain out of budget for me. Was interested in how many people here run a Linux mobile as a daily driver, and how has your experience been?

I'm considering purchasing the Pine but I'd like a better screen, more RAM and a better CPU. Don't know if I should wait for a new model to be released (are they even planning to do that? Is the company active?). I will only really use it to browse the Web, and might even look to desolder a couple of parts that I know I won't use.

Thanks.

Edit: I am willing to watch content and use banking apps from the browser. Do you think it'll be fit for me?

Edit 2: overall, I am much saddened about the state of affairs regarding private computing on the go. I desperately hope that Linux on mobile takes off, even though its incubation looks disheartening at the moment. Thank you everyone for your comments.