But to be fair, even 2 ASUS WiFi 6E on their zenwifi like for example are like >300€. A Cloud gateway ultra + U7 pro + PoE injector is around that too. For me the router/AP entrance is in a place that barely gives a signal so it makes so sense to have an access point there.

So I would get more or less the same signal with 1 access point + a wired router than 2 access points.

Depends on your situation of course.

Then use Wireguard to get into your local network. Simple as. All security risks that don’t need to be accessed by the public (document servers, ssh, internal tools, etc…) can be accessed via VPN while the port forwarded servers are behind a reverse proxy, TLS, and an authentication layer like Authelia/authentik for things that only a small group needs to access.

Sorry, but there is 1 case in 10000 where a home user would have to have publicly exposed SSH and 9999 cases of 10000 where it is not needed at all and would only be done out of laziness or lack of knowledge of options.

Woah, let’s not be hasty. A few big tech companies are really good at their jobs…

Let’s not forget the dozens of big tech companies run by absolute morons that bring products that nobody wants or needs and only stay afloat due to legacy, stealing data & selling it, and/or venture capital.

Definitely Red plus. They are quiet as hell and 12TB+ are helium filled.

Just got a 12TB a while ago and it is as quiet as my 4TB drives.

But for OP, just use software raid instead of hardware raid. There is very little point for homelabbers using hardware raid at this point without an existing setup.

Leantime for sure! Because it is very feature complete for project management

My simple itx 2700X server with 2 HDDs was idling significantly less than 55W that his synology was and it isn’t even have low idle power consumption like the synology.

Definitely something off with his method or configuration.

I have an ITX Ryzen 2700X with an arc A380. 3 HDDs and 1 SSD boot drive.

Before some kernel improvements for the A380, my idle wattage was 60W. Without the A380 it was around 35W idle. I am hoping that it is around 45W now because of fixing the high idle wattage of the GPU but I have to measure again.

Performance is great though. Perfect Jellyfin streaming, home automation, document and media management, file sync, recipe management, etc…

People tend to over-spec their servers, in my opinion. Unless you are dealing with more than a few dozen clients or so on one server (or having a many-user dedicated streaming server), you really don’t need much.

Are you absolutely sure that you have the i915 firmware installed and enabled?

If you have gone through these steps of adding the modules: https://jellyfin.org/docs/general/administration/hardware-acceleration/intel/#low-power-encoding

and it doesn’t work, you may have to manually download the git linux firmware library, extract the i915 folder and place it in your firmware folder.

That is how I got jellyfin working on my A380 after pulling my hair out about it.

Please check and post your dmesg starting up.

You should see GUC and HUC enabling.

If you want to mirror the entire system, OS and all, then clonezilla is the best option.

What is Futo? Their website says absolutely nothing besides their “company values.”

What is their business model?

Who is running it?

How do they earn money to give out?

What do they ask in return besides hoarding the trademarks?

Flat fee is always good, but I am always skeptical about these sort of completely opaque, altruistic companies that often turn into not-so-altruistic companies after they see more profit capabilities.

https://www.tomshardware.com/reviews/intel-arc-a380-review/5

Blows the 6950XT and 3090 out of the water in transcoding performance. I would say that is performing very well. That was before drivers have gotten much much better too probably a bigger difference now.

I have one, it is fantastic.

Someone said that it is “not terribly performent” but it doesn’t matter for transcoding. It can do multiple 4k streams of AV1 & HEVC. That is perfect.

According to benchmarks, it beat the 3080 and 6800XT when it was released for transcoding performance. That is what you have to look at in this case, you aren’t gaming on it.

Just remember to enable all of the correct kernel modules to get it working. You often have to manually download the firmware git repo and move it to the firmware folder in Debian to get it working.

Compatibility and storage.

Do you want only 2 devices of the 10 your family possibly owns to work?

Do you want your family to complain that jellyfin “isn’t as good as Netflix/Disney+/etc…” Because it constantly stops to buffer and a can’t keep up the framerate?

It is completely fine if you are single and have 1-2 devices that work with AV1 and h.265 client side and that is all you need, then you don’t have to bother with transcoding at all. When you start letting other people into it, compatibility becomes an issue.

As for storing it beforehand, the entire point of AV1 and HEVC is to significantly reduce the size on disk. If you have to store 10 versions or each file, 5 resolutions each, half h.264, then you are taking up about 20x the space per file compared to 1 copy of HEVC or AV1.

A transcode GPU like the A380 or new QSV compatible CPU is MUCH cheaper than a new good quality 12TB drive lol

Sorry for the long text, it pretty much depends on the living situation.

Swedish city names, but only the ones with pure english characters to avoid hassel 😅

Kiruna

Halmstad

Lund

Etc…

Mealie is absolutely the best

• Home Assistant integration

• SSO through OIDC (though mine is broken and I need to file a bug)

• meal planning functionality with shopping checklists

• equipment checklists

• advanced grouping through tagging, cookbooks, and categories. Everything can be beautifully sorted

• then the holy grail: recipe parsing through URL. I haven’t found recipe parsing this good since the discontinued ChefTap app

Yeah, for that threat model, a VLAN is not needed in my opinion:

• esphome devices are for sure not data collecting and pihole will block most of the phone homes with a good block list, where possible (like simple smart devices) they are flashed with a local open source version. Still the vast majority are KNX and Zwave which are local only

• video cameras are local-only always and have completely blocked internet access via the router

• This is probably the biggest threat unpreventable in other ways. Though definitely citation needed for them actually being caught recording conversations lol. People think phones do that too, but it is simply a lot easier (and more importantly, cheaper with a much higher ROI) to make a complete data picture through search/watch history + proximity to other devices.

Yes, that is why I gave an example of how i thought it worked, but i have a single physical server with *arr suite, HA, reverse proxy, and all of my other services.

If it is a near physical separation of traffic, how can 1 device with 1 MAC and 1 IP be isolated on multiple parts of the VLAN?

Just don’t port forward ssh. There is 0 reason to in 99.99% of home cases

If you are looking for user management and registration, then Authelia is the wrong software for you.

Authelia is a very light weight security layer (and more recently SSO) that is only meant for few users precisely because it doesn’t have an onboarding process, dynamic access control, and more advanced features. Everything is done through config files and secrets. The admin has to manually create a file or plaintext lines with the user and password for each new user and restart the container.

Authentik is what you want if you want a bunch of users and new user sign up.

As for bitwarden/SSO, they should be fully separate. Otherwise you will likely break Bitwarden app and browser integration functionality.

You also do not want to run into the case where you don’t know your SSO password so you can’t get into bitwarden to find the password and you are screwed.

Bitwarden, TOTP method, and SSO should ideally be separate and you should be able to access your passwords and TOTP without requiring any password that is exclusively in the Bitwarden database.

I think he is saying that his physical attack surface is very small since he is remote, so maybe he doesn’t bother?

Either way, encrypting drives is simply always good if you ever resell the computer or upgrade drives.