I have a small homelab that's not nice enough for /r/homelab but is a bit more than just self hosting. Since I'm a decently knowledgeable sysadmin and network engineer, my goal is to build an enterprise-ish environment for myself to tinker around and play inside. This means a lot of my setup is more complicated than it needs to be and I spend a lot of time troubleshooting and debugging my overengineering, so when something breaks my first assumption is that it was something I did. I usually build my stuff to be relatively aelf sufficient when I leave it alone.

But this weekend and today I simply couldn't find what I broke. I was attempting to move a clunky lets encrypt cert renewal job off of my DNS server to somewhere I could better manage it. Why was it on my DNS server? Because for a while now, dynamic updates only half worked for me. My bind9 server was fully capable and I have a custom nsupdate cronjob to update my DDNS records that I installed on my UDM-Pro. But for whatever reason, as soon as I entered my home network^1^ it wouldn't work. Since I thought it better to manage my certs from Proxmox or another internal service, I needed to figure out why this was. I looked high, I looked low, I looked in /etc but there was no configuration error that I could find. I tested the same TSIG key on another machine in my VPC and on my UDM-Pro but there it went without a hitch. The error was weird — NOTIMP — and I couldn't find anything relevant online. As a last resort I turned to ChatGPT^2^, but all this confirmed was that there should be no errors with my configuration. It's conclusion was that it had to be networking.

So i scoured the configuration of my UDM looking for any filtering or traffic rules I had, but nothing was clicking. This wasn't a connection issue, this is the server telling me that updates were not allowed for this zone. I was clearly hitting the DNS server, right? Well there was nothing in the update logs on the server, so I suspected that for some reason the requests weren't making it through. So I spun up wireshark on my UDM and on my DNS server, and saw for myself that the dynamic update requests weren't even reaching the bind server. I would see the update come into the router, and a response from the bind server, so what was responding? This was either some crazy filtering from my ISP — which i knew to be false because updates from the router worked — or my UDM doing something. Finally after some sleep I came back and looked at the UDM cobsole again and it hit me.

Ad block.

I quickly paused it and lo and behold it was blocking my dynamic updates. There was no record of this in the Insights tab; it was just silently absorbing my dynamic updates and masquerading as my name server. I can understand masquerading as name servers due to what its supposed to do, but I have no idea why it would steal my dynamic updates. I wouldn't think what DNS filtering that enables is fail closed. For being a prosumer company, Ubiquiti's features always feel halfway implemented to work in most scenarios but never actually developing full support for things. Yes, I brought this onto myself for enabling ad-blocking (it was good while it lasted, I'll have to reimplement it in a non stupis way) but the fact that it does zero inspection of the DNS opcode before forwarding requests feels dumb.

^1^I have two "sites", my homelab and a cloud VPC; critical infra like DNS and mail is hosted in the VPC.

^2^I minimally use AI for troubleshooting as a last resort to either turn me on a new path to the solution or as a sanity check before I blame a different component.

I will preface this by saying I understand that I am more radical, revolutionary, and extreme of a leftist than most. Despite that, I still ask that you actually engage with this as I'm asking in good faith.

When is enough enough? We have elected a fascist into the highest office and handed the keys to him and his friends. Is now not the time to actually get organized, involved, and armed? In my opinion, the time for peaceful, democratic means of avoiding fascism was before the election. But we have failed to do so, and as such there will soon be a tyrant in power. Are we going to wait until troops are rolling down the street to stage any form of resistance, because by then it's far too late. Now I want to be clear that I am not advocating for random acts of violence or an insurrection like January 6th. But is this not a point of radicalization? Is this not where we start organizing within our communities and getting involved in mutual aid and resistance? How much more do we need before people are actually ready to stand, fight, and maybe even die to avoid continuing down the path that we are on? Fascism is not on the horizon, it is here. Are we really to do nothing about it as a society except lay down and accept our fate? Because that doesn't jive with me. That makes absolutely no sense to me.

ETA: To the people responding, I will admit that I was heated and frustrated when writing this post. Having had time to cool off, reflect, and get some differing viewpoints my stance has changed to focus more on what needs to happen first and what's practical. You may have seen that in my responses. That being said, I don't disagree with what I said here, and I'm still frustrated we're at this point at all. I've linked a comment though that elaborates upon what I actually want to see done though, which is a lot more reasonable and is still inline with this post.

https://lemmy.world/comment/13305217

I often see people in the comments acting like having a fast or loud car immediately makes your dick smaller or that you have ED. And people talk about owning a car as if they've never gone above 40 MPH and are terrified to do so.

For context I live in a city with actually ok mass transit, don't own a car, and prefer to bike/take the train whenever possible. Trains, trolleys, bikes, and feet are the best forms of transportation imo.

That being said, body shaming or making fun of people with physical or mental issues (that may be no fault of their own) is just shitty. It makes this community look shitty. I hate reading comments about "loud car small dick this" or "fast car ED that". It's unnecessary. You can shit on asshole drivers without having to stoop that low. Secondly, some women enjoy cars as well; be more creative.

Finally, don't act like cars can't be fun. I'm all for phasing out the automobile and revolutionizing transport by returning to the ways of olde, but cars are fun. I understand some of you are grandparents and don't like someone revving their straight pipes mustang down your block on a Saturday morning. That's completely reasonable. But my god does this community act like you can't have fun in a car. I absolutely enjoy loud and fast and powerful cars, because that's an incredible work of engineering and it simply can be fun. Going fast can be fun. Being in a car that purrs like a lion can be fun. Going offroading or drifting or racing or anything in a car can be fun.

We won't convince people to see our side by shitting on the things they enjoy. We convince people to try and see things from our point of view by actually looking through their perspective first, and acknowledging that while cars can be fun they are not sustainable.

ETA: Some people seem to think I think public roads should still be for cars. Never did I say that. I think the appropriate place for cars is the track. I would love to convert all the roads in my city to a mixture of bike and pedestrian lanes with trolleys running down the median. But cars can be fun and a track day can absolutely be a great time.

I've been around selfhosting most of my life and have seen a variety of different setups and reasons for selfhosting. For myself, I don't really self host as mant services for myself as I do infrastructure. I like to build out the things that are usually invisible to people. I host some stuff that's relatively visible, but most of my time is spent building an over engineered backbone for all the services I could theoretically host. For instance, full domain authentication and oversight with kerberized network storage, and both internal and public DNS.

The actual services I host? Mail and vaultwarden, with a few (i.e. < 3) more to come.

I absolutely do not need the level of infrastructure I need, but I honestly prefer that to the majority of possible things I could host. That's the fun stuff to me; the meat and potatoes. But I know some people do focus more on the actual useful services they can host, or on achieving specific things with their self hosting. What types of things do you host and why?

Hello! I am migrating some services from an old cloud instance to my homelab. The cloud instance was running NextCloud and as I don't really need the entirety of NextCloud, I'm moving to individual services. It's now time for me to move the most important thing from this NextCloud instance: my calendars and contacts.

I'm looking for a good containerized service to run this. I've taken a look at both Baikal and Davis, but both seem to have issues running rootless. As I have Kerberos throughout my network and am storing the persistent volumes on an NFS share, I prefer to run all my containers under dedicated service accounts. This also means that I would like the DAV server to have LDAP or IMAP authentication. I am also using podman quadlets rather than docker compose, but I can figure out the translation on my own. Worst case scenario here is I just run Davis and talk to the dev about the issues I have (which will probably be done anyways), but I'd like to get something up and running sooner rather than later. Any solutions would be greatly helpful. If there isn't a good containerized solution, I'm also willing to make an LXC or VM but I'd prefer to stick to containers. Thank you!

So this is an interesting one I can't figure out myself. I have Proxmox on a PowerEdge R730 with 5 NICs (4 + management). The management interface is doing its own thing so don't worry about that. Currently I have all 4 other interfaces bonded and bridged to a single IP. This IP is for my internal network (192.168.1.0/24, VLAN 1). This has been working great. I have no issues with any containers on this network. One of those containers happens to be one of two FreeIPA replicas, the other living in the cloud. I have had no issues using DNS or anything else for FreeIPA from this internal network nor from my cloud network or VPN networks.

Now, I finally have some stuff I want to toss in my DMZ network (192.168.5.0/24, VLAN 5) and so I'll just use my nice R730 to do so, right? Nope! I can get internet, I can even use the DNS server normally, but the second I go near my FreeIPA domains it all falls apart. For instance, I can get the records for example.local just fine, but the second i request ipa.example.local or ds.ipa.example.local, i get EDE 22: No Reachable Authority. This is despite the server that's being requested from being the authority for this zone. I can query the same internal DNS server from either the same internal network or a different network and it works handy dandy, but not from the R730 on another network. I can't even see the NS glue records on my public DNS root server.

I'm honestly not sure why everything except these FreeIPA domains works. Yes, I have the firewall open for it and I have added a trusted_networks ACL to Bind and allowed queries, recursion, and query_cache for this ACL. The fact it only breaks on these FreeIPA subdomains makes me think it's a forwarding issue, but shouldn't it see the NS records and keep going? It can ping all the addresses that might come up from DNS, it's showing the same SOA when I query the root domain, it just refuses to work from my IPA domains. Can someone provide any insight on this please, I'm sick and tired of trying to debug it.

Basically title. If I make a quick wash isopropyl alcohol (QWISO) solution, would a vacuum extraction have a meaningful effect on the resulting concentrate? I'm doubt it would have a meaningful impact in terms of flavor and terpene content, but I can see it producing an interesting consistency. The only way I could see it affecting flavor would be if the low pressure caused some volatiles to change, but I kinda doubt that. For the vacuum extraction I would probably just put it in a vacuum chamber.

Completely random stoned hypothetical. Lets day im old as fuck and I decide I'm ready and done. Could I have the same postmortem autopsy done on me while I'm still alive? Like give me a ton of drugs and let me watch myself get dissected as my final moments. I understand there is a legal and possibly moral concern, but is it really ethically that bad if I also want it? Like I'm not taking myself out at my prime, I'm nearly dead anyways. Lemme see myself cut apart that'd be cool as shit, only if I couldn't feel any pain though.

Hello! I have Proxmox VE running on a Dell R730 with an H730. Proxmox manages the disks in a ZFS RAID which is exactly how I want it. Because I intend for this server to have a NAS/file server, I want to set up a container or VM in proxmox that will provide network storage shares to domain-joined systems. Pretty much everything in my lab is joined to FreeIPA, so I'd like to use the IdM features with my file server. I have given TKL FileServer a shot but it really didn't seem up to snuff with what I wanted. I am not looking for a NAS solution that will require me to pass through the RAID controller and disks to Proxmox, as I want Proxmox managing the ZFS pool. I can set up an NFS/Samba server in a container, however in trying to do so I was running into issues (due to it being an unprivileged container) that I can probably figure out but I want to see if anyone has any recommendations first.

For me it's driving while under the influence. If you couldn't tell, I like me some ganja. However I have long since held the belief that it is utterly insane to drive while under the influence of most substances, with maybe nicotine and caffeine being the exception. All too often I see other stoners smoking and driving, which I simply can't fathom. I've only operated a vehicle once under the influence and it was just to move a U-Haul around the block to a different parking spot, which was such a scary experience while high that I refuse to even consider getting behind the wheel again while high.

See previous post and the comments in this link for context.

https://aur.archlinux.org/packages/util-linux-selinux

Context: A few days ago Arch pushed out a legitimately broken update. This was because they shipped out a testing version of util-linux. They very quickly fixed this... except I use SE Linux (say what you will I wanted to dive into it) and now I'm stuck waiting for the maintainer to update the AUR package so I can fix my system. This is not a general arch problem but a me problem because of my less standard, more niche build. Although the wait is genuinely making me reconsider using SE Linux as it's been a hassle to maintain (just to keep things up to date, I gave up on keeping it in enforcing mode).