Maximilious

He just told you. Assign VLAN on each individual port on your switch. Done. If your switch is unmanaged, then you need a new switch to support VLANs.

Also -1 for netdata. I loved the analytics but it brought all of my VMs to a screeching halt. It did not seem very will optimized for the amount of data it was polling.

Yes you can. It requires those docker containers to be installed and plugged into it on a stand alone system. This is exactly what HAOS is doing behind the scenes for is users and why many stick with it.

Yeah it’s near impossible to block on streaming services because most of the ads are served up from the same DNS locations that the watchable media is hosted on.

What makes it better other than the UI? I’m weary of using it because it is developed by Russian developers.

This is the way. My setup is very similar except I only use authentik for Nextcloud. I don’t expose my “arr” services to the Internet so I don’t feel it necessary to put them behind authentik, although I could if I wanted.

Using Duo’s free 10 personal licenses is also great as it can also plug into authentik for MFA through the solution.

$120 a year and still limited to 3600 searches. Pretty sure I’m way above that number. I get they need to make up for lost as revenue but that’s still too much for me to justify. I’ll keep giving my data to a free engine.

That’s because it is considered part of the Midwest?? https://en.m.wikipedia.org/wiki/Midwestern_United_States

I backup my ESXi VMs and NAS file shares to local server storage using an encrypted Veeam job and have a copy job to a local NAS with iSCSI storage presented.

From there I have another host VM accessing that same iSCSI share uploading the encrypted backup to Backblaze. Unlimited “local” storage for $70\y? Yes please! (iSCSI appears local to Backblaze. They know and have already started they don’t care.)

I’m backing up about 4TB to them currently using this method.

I’m sure you know this, but snapshots are not backups!

Cheeseburger

Thanks for all you do!

Have they asked the engine how they can generate more revenue?

Because everyone in the game is making money off those trackers. Just because you give them your address and general interests doesn’t mean they know you’re shopping for a new fence for your house or different daycares for your kids at a specific given time.

I have Nextcloud hosted internally in a podman container environment. To answer some of your more security related questions, here’s how I have my environment set up:

1. Cloudflare free tier with my own domain to proxy outside connections to the public domain name, and hide my external IP.

2. A DMZ proxy server with a local traefik container with only ports required to talk to the internal Nextcloud server allowed, and inbound 443 only allowed from the internet (cloudflare).

3. An Authelia container tied to the Nextcloud container using “Two-factor TOTP” app addon. Authelia is configured to point to a free DUO account for MFA. The TOTP addon also allows other methods of you want to bypass Authelia and use a simply Google auth or other app. I’ll be honest, this setup was a pain but it works beautifully when finally working.

Note: Using Authelia removes Nextcloud from the authentication process. If you login through Authelia, if set up correctly it will pass the user information to Nextcloud and present thier account. There is a way to have “quadruple” authentication of you really want it, where you log in through Authelia, Authelia MFA, then Nextcloud and Nextcloud MFA, but who would want that? Lol.

Another Note: If Authelia goes down for whatever reason, you can still log in through Nextcloud directly.

1. I have all of my containers set to automatically pull updates with the latest tag. This bites me sometimes of major changes happen, but it’s typically due to traefik or mariadb changes and not Nextcloud or Authelia.

2. I have my host operating system set to auto update and reboot once a week in the early morning.

3. My data is shared through an NFS connection from my NAS that only allows specific IPs to connect. I’d like to say I’m using least privileged permissions in the share, but it’s a wide open share as my NFS permissions are not my strong suite.

Hope the above helps!