[-] pyrosis@lemmy.world 12 points 2 months ago

I remember the old videos of rockets exploding on launch pads when we were first building them. We have come a long way.

I suspect they will just learn something new from this and they will last even longer.

[-] pyrosis@lemmy.world 4 points 5 months ago

Have a look at Stirling PDF. It's a self hosted alternative to most if not all Adobe functions that she might care about. It can be setup with docker.

https://github.com/Stirling-Tools/Stirling-PDF

[-] pyrosis@lemmy.world 8 points 5 months ago

Honestly at this point that is docker and docker compose.

As to what to run it on that very much depends on preference. I use a proxmox server but it could just as easily be pure Debian. A basic webui like cockpit can make system management operations a bit more simplified.

[-] pyrosis@lemmy.world 6 points 6 months ago

To most of your comment I completely agree minus the freedom for choosing different disk sizes. You absolutely can do that with btrfs or just throwing a virtual layer on top of some disks with something like mergerfs.

[-] pyrosis@lemmy.world 17 points 6 months ago

Pretty much this it gets it's own folder and in jellyfin it's own library. You just give mom access to this and whatever else you want to. you unselect that library for everyone else. The setting is under users. It's straightforward and is a check mark based select. You probably have it set to all libraries right now. Uncheck that and you can pick and choose per user.

[-] pyrosis@lemmy.world 27 points 6 months ago

How about defense against dhcp option 121 changing the routing table and decloaking all VPN traffic even with your kill switch on? They got a plan for that yet? Just found this today.

https://www.leviathansecurity.com/blog/tunnelvision

[-] pyrosis@lemmy.world 4 points 6 months ago

Are you using tvheadend and their jellyfin plugin? Asking out of curiosity.

https://github.com/tvheadend/tvheadend

Anyway Plex and emby come to mind.

[-] pyrosis@lemmy.world 4 points 6 months ago

This is a journey that will likely fill you with knowledge. During that process what you consider "easy" will change.

So the answer right now for you is use what is interesting to you.

Yes plenty ways to do the same thing in different ways. Imo though right now jump in and install something. Then play with it.

Just remember modern CPUs can host many services from a single box. How they do that can vary.

[-] pyrosis@lemmy.world 5 points 6 months ago

Hardware support can be a bit of an issue with bsd in my experience. But if you're asking for hardware it doesn't take as much as you may think for jellyfin.

It can transcode just fine with Intel quic sync.

So basically any moden Intel CPU or slightly older.

What you need to consider more is storage space for your system and if your system will do more than just Jellyfin.

I would recommend a bare bones server from super micro. Something you could throw in a few SSDs.

If you are not too stuck on bsd maybe have a look at Debian or proxmox. Either way I would recommend docker-ce. Mostly because this particular jellyfin instance is very well maintained.

https://fleet.linuxserver.io/image?name=linuxserver/jellyfin

[-] pyrosis@lemmy.world 4 points 6 months ago

What is the underlying filesystem of the proxmox hypervisor and how did you pass storage into the omv vm? Also, is anything else accessing this storage?

I ask because...

The "file lock ESTALE" error in the context of NFS indicates that the file lock has become "stale." This occurs when a process is attempting to access a file that is locked by another process, but the lock information has expired or become invalid. This can happen due to various reasons such as network interruptions, server reboots, or changes in file system state.

[-] pyrosis@lemmy.world 6 points 7 months ago

Firewall and deciding on an entry point for system administration is a big consideration.

Generating a strong unique password helps immensely. A password manager can help with this.

If this is hosting services reducing open ports with something like Nginx Proxy Manager or equivalent. Tailscale and equivalent(wire guard, wireguard-easy, headscale, net bird, and net maker) are also options.

Getting https right. It's not such a big deal if all the services are internal. However, it's not hard to create an internal certificate authority and create certs for services.

If you have server on a VPS. Firewall is again your primary defense. However, if you expose something like ssh fail2ban can help ban ips that make repeated attempts to login to your system. This isn't some drop in replacement for proper ssh configuration. You should be using key login and secure your ssh configuration away from password logins.

It also helps if you are using something like a proxy for services to setup a filter list. NPM for example allows you to outright deny connection attempts from specific IP ranges. Or just deny everything and allow specific public IPs.

Also, if you are using something like proxmox. Remember to configure your services for least privileges. Basically the idea being just giving a service what it needs to operate and no more. This can encompass service user/group names for file access ect.

All these steps add up to pretty good security if you constantly assess.

Even basic steps in here like turning on the firewall and only opening ports your services need help immensely.

[-] pyrosis@lemmy.world 6 points 7 months ago* (last edited 7 months ago)

Just a little heads up about multiple USB drives. They kinda suck sharing on the hub and raids tend to destroy them because of the way they "share" bandwidth on the hub.

To avoid this problem one solution is a USBc to SATA enclosure. The idea being the enclosure having a SATA controller and a few SATA ports you can plug in a few drives. You would be avoiding the multi USB port "sharing" issue. The enclosure would have all the usb hub bandwidth and the hub wouldn't be switching around between ports.

I learned this little bit of info messing with zfs and a few different types of flash media. In the end the most stable connection less prone to error was a single USB connection. However, it didn't matter if it was a single drive or a multi drive enclosure.

Today I wouldn't recommend doing this at all. However if you are going to. Have a look at how USB port sharing on a usb hub works and how that can wreck a raid system over time.

Edit Spelling

view more: next ›

pyrosis

joined 7 months ago