Damn, same, nuked Traefik when v2 broke the setup I spent hours trying to figure out. I don’t think the concepts are overwhelming, but something is profoundly wrong with their documentation habits. Now someone in the comments here is saying v3 changes the way paths are read with regex? Lol, fuck Traefik, never again.

I don’t think those USB cases are priced realistically at all. For what they’re asking I may as well just buy hardware to build a NAS box.

This has got me concerned, wondering how do you tell it’s old if the controller is replaced? Are there serials or dates on the other parts or just obvious wear?

Came here to ask about the hours. Some quick searching looked like 5 years is an average time to failure, but that might have been for lower-grade hardware?

I appreciate it. The modern world has destroyed my attention span. But I wouldn’t even need to be awake to read that one.

That’s the ideal, but it’s difficult to do that with every single machine. Like even with a computer not every motherboard can be flashed with Coreboot. The closest you can get right now is probably building devices with the ESP32 chips.

Oh, neat, I’ll have to look into that more. It’s able to have some redundancy and does some sort of rebalancing on disk failures?

This was really neat, kinda boils down to “you don’t want to deal with the complexity and it’s horrifically slow.”

“As easy as buying four same-sized disks all at once” is kinda missing the point.

How do I migrate data from the existing z1 to the z2? And then how can I re-add the disks that were in z1 after I have moved the data? Buy yet another disk and add a z2 vdev with my now 4 disks, I guess. Unless it is possible to format and add them to the new z2?

If the vdevs are not all the same redundancy level am I right that there’s no guarantee which level of redundancy any particular file is getting?

Neat! Thank you

I mean, yeah, I’d prefer ZFS but, unless I am missing something, it is a massive pain to add disks to an existing pool. You have to buy a new set of disks and create a new pool to transition from RAID z1 to z2. That’s basically the only reason it fails the criteria I have. I think I’d also prefer erasure encoding instead of z2, but it seems like regular scrub operations could keep it reliable.

BTRFS sounds like it has too many footguns for me, and its raid5/6 equivalents are “not for production at this time.”

They will do power conditioning? My modem is such a sensitive baby I cannot plug anything else in next to it or it starts dropping packets. Would a UPS help with that? Unfortunately I cannot replace the modem, that’s the only one the ISP will give me.

This is great, thank you! My next drive is going to be fast and durable.

I thought you meant 1 TB as a sort of peak performer (better than 2+ TB) in this area. From the description, it’s more like 1 TB is kinda the minimum durability you want with a drive, but larger drives are better?

Why does 1TB help with the wear leveling?

What I was looking at was the All in One, yes. I didn’t realize there was a separate maintained image, thank you! I’d much rather have a single image without access to the socket at all, I’ll give that a shot sometime.

I was looking into setting up Nextcloud recently and the default directions suggest exposing the socket. That’s crazy. I checked again just now. I see it is still possible to set it up without socket access, but that set of instructions isn’t as prominent.

I linked to Docker in specific because if Nextcloud has access to the socket, and hackers find some automated exploit, they could easily escalate out of the Docker container. It sounds like you have it more correctly isolated.

I cannot get the app to connect to my HA with the current setup. I have Cloudflare doing email verification, and the app doesn’t understand how to collect the cookies to make that possible.

Doesn’t Nextcloud running in Docker want the socket exposed?

I googled around for an example https://book.hacktricks.xyz/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation.

Ignore me if you’ve already hardened the containers.

Yeah, same, except I tunneled HA out via that Cloudflare daemon. Kinda janky because I cannot use the app with it to do locations, but I can check in on the pets from anywhere.

I’m planning to set up a legit VPN sometime soon.