Spyke

Posts

selfhosted · Selfhosted · by Hercules

Trouble automounting a LUKS partition that is on a mdadm raid6

Hi fellow selfhoster,

I'm a bit lost on the following scenario and I'm unable to find any documentation about it, so I was hoping some smart people here could point me in the right direction.

I have a Linux software RAID 6 that contains a LUKS partition with ext4 in it. I would like to automount the ext4 when I'm rebooting. The root partition is also using LUKS and I have successfully set up the decryption for this partition, but I'm uncertain how to do this with this RAID setup, since I'm not sure where in the boot process Linux recognizes my RAID and when the decryption happens.

This is what I have:

[root@nfs-rocky-1 ~]# cat /etc/mdadm.conf
ARRAY /dev/md/server1:0 metadata=1.2 UUID=3e198408:2236ed3d:1dc13a8e:e5f91e52

On a reboot the RAID does get automatically recognized, but I still have to do cryptsetup luksOpen /dev/md0 raid & mount /dev/mapper/raid /mnt/data.

What would be the best way to do this? I'm a bit scared of doing things I'm not certain of, since I don't want my machine to be stuck at boot.

Just a link to an article that discusses something like this already would help me greatly.

View original on lemmy.world
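
Added example, not part of the original post: a shell lint for /etc/crypttab and /etc/fstab, the two files that automate the manual cryptsetup luksOpen and mount steps described above. It assumes a systemd-based system where crypttab's nofail option applies, reuses the mapping name raid and mount point /mnt/data from the post, and lint_luks_volume is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: lint the crypttab/fstab pair of a secondary LUKS volume.
# Prints one finding per line; no output means the pair passed.
lint_luks_volume() {
    name=$1; crypttab=$2; fstab=$3
    # crypttab fields: <name> <device> <keyfile> <options>
    entry=$(awk -v n="$name" '$1 == n { print $2, $3, $4; exit }' "$crypttab")
    [ -n "$entry" ] || { echo "crypttab: no entry for $name"; return 0; }
    set -- $entry
    device=$1; keyfile=${2:-none}; opts=${3:-}
    # md device numbering can differ between boots; the LUKS UUID does not.
    case $device in
        UUID=*) ;;
        *) echo "crypttab: $device is not referenced by UUID=" ;;
    esac
    # Without nofail, a missing array or key can stall or fail the boot.
    case ",$opts," in
        *,nofail,*) ;;
        *) echo "crypttab: nofail missing" ;;
    esac
    case $keyfile in
        none|-) echo "crypttab: no key file, passphrase is prompted at boot" ;;
        *)  if [ ! -f "$keyfile" ]; then
                echo "keyfile: $keyfile not found"
            else
                mode=$(stat -c %a "$keyfile")    # GNU stat, as on Rocky Linux
                case $mode in
                    [0-7]00) ;;
                    *) echo "keyfile: mode $mode grants access beyond the owner" ;;
                esac
            fi ;;
    esac
    # fstab fields: <device> <mountpoint> <type> <options> ...
    fsopts=$(awk -v d="/dev/mapper/$name" '$1 == d { print $4; exit }' "$fstab")
    case ",$fsopts," in
        ,,) echo "fstab: no entry for /dev/mapper/$name" ;;
        *,nofail,*) ;;
        *) echo "fstab: nofail missing" ;;
    esac
}

# Constructed sample: the manual setup written down without safeguards.
demo=$(mktemp -d)
echo 'raid /dev/md0 none luks' > "$demo/crypttab"
echo '/dev/mapper/raid /mnt/data ext4 defaults 0 2' > "$demo/fstab"
lint_luks_volume raid "$demo/crypttab" "$demo/fstab"
rm -rf "$demo"
```

An entry that passes has the form `raid UUID=<luks-uuid> <keyfile> luks,nofail` in crypttab and `defaults,nofail` in the fstab options, with the key file at mode 0400 or 0600.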
selfhosted · Selfhosted · by Hercules

Openwrt how to block countries but allow a specific path using BanIp

Hey,

I'm using OpenWrt with banIP to only allow certain countries to access my services. I'm not familiar with banIP and I'm having issues finding documentation about it, so that's why I came here.

I need to allow a certain path so that cert-manager can get me new certificates using HTTP challenges. If I'm not mistaken, I have to allow the path: .well-known/acme-challenge/*.

Is there an option to allow this from any country but block all other requests?

My current config is as follows:

root@OpenWrt:~# uci show | grep ban
banip.global=banip
banip.global.ban_enabled='0'
banip.global.ban_debug='0'
banip.global.ban_autodetect='1'
banip.global.ban_allowlistonly='1'
banip.global.ban_fetchcmd='curl'
banip.global.ban_protov4='1'
banip.global.ban_ifv4='wan'
banip.global.ban_protov6='1'
banip.global.ban_ifv6='wan6'
banip.global.ban_dev='eth0'
banip.global.ban_fetchretry='5'
banip.global.ban_nicelimit='0'
banip.global.ban_filelimit='1024'
banip.global.ban_deduplicate='1'
banip.global.ban_nftpriority='-100'
banip.global.ban_icmplimit='25'
banip.global.ban_synlimit='10'
banip.global.ban_udplimit='100'
banip.global.ban_nftpolicy='memory'
banip.global.ban_nftretry='5'
banip.global.ban_blockpolicy='drop'
banip.global.ban_nftloglevel='warn'
banip.global.ban_logprerouting='0'
banip.global.ban_loginbound='1'
banip.global.ban_logoutbound='0'
banip.global.ban_loglimit='100'
banip.global.ban_autoallowlist='1'
banip.global.ban_autoallowuplink='subnet'
banip.global.ban_autoblocklist='1'
banip.global.ban_country='us'
banip.global.ban_logterm='Exit before auth from' 'luci: failed login' 'error: maximum authentication attempts exceeded' 'received a suspicious remote IP .*'
banip.global.ban_vlanallow='br-lan'
banip.global.ban_allowurl='https://www.ipdeny.com/ipblocks/data/aggregated/be-aggregated.zone' 'https://www.ipdeny.com/ipv6/ipaddresses/aggregated/be-aggregated.zone'
banip.global.ban_geoip='1'
banip.global.geoip_src='dbip'
banip.global.geoip_mode='allowlist'
banip.global.ban_feeds='country:US' 'country:US' 'geoip:US'
banip.global.ban_all='1'
banip.global.allow_country='US'
banip.global.ban_feedin='country'
banip.global.ban_feed='hagezi' 'tor' 'vpn'
wireless.radio0.band='2g'
wireless.radio1.band='5g'

Thanks for your time and have a great day!

View original on lemmy.world
linux · Linux · by Hercules

Driver issues with Realtek ethernet port

Hello Lemmy,

I'm trying to troubleshoot a connection issue to my laptop, which is connected using the built-in Ethernet port. The connection sometimes drops for a few minutes and then I'm able to connect again.

This is the port being used:

k3s-alpine-lap-6:~# lspci -nn | grep -i ethernet
0000:01:00.0 Ethernet controller [0200]: Realtek Semiconductor Co., Ltd. RTL8111/8168/8211/8411 PCI Express Gigabit Ethernet Controller [10ec:8168] (rev 16)

Some information about the drivers being used:

k3s-alpine-lap-6:~# ethtool -i eth0
driver: r8169
version: 6.12.76-0-lts
firmware-version: rtl8168h-2_0.0.2 02/26/15
expansion-rom-version:
bus-info: 0000:01:00.0
supports-statistics: yes
supports-test: no
supports-eeprom-access: no
supports-register-dump: yes
supports-priv-flags: no

Some information I found using dmesg:

[   10.535868] Bridge firewalling registered
[   29.478495] usb 3-1: USB disconnect, device number 2
[   30.635978] atkbd serio0: Unknown key pressed (translated set 2, code 0xd8 on isa0060/serio0).
[   30.635990] atkbd serio0: Use 'setkeycodes e058 <keycode>' to make it known.
[   30.645244] atkbd serio0: Unknown key released (translated set 2, code 0xd8 on isa0060/serio0).
[   30.645256] atkbd serio0: Use 'setkeycodes e058 <keycode>' to make it known.
[   55.836493] EXT4-fs (sda): mounted filesystem f9742482-7e09-4460-a10d-81c5f5abaf23 r/w with ordered data mode. Quota mode: none.
[  347.743005] Initializing XFRM netlink socket
[  354.759146] eth0: renamed from tmp5fca0
[  354.898482] eth0: renamed from tmp375a5
[  354.930148] eth0: renamed from tmpaf7f3
[  354.970131] eth0: renamed from tmpc035d
[  356.883835] eth0: renamed from tmp68492
[  518.679868] Key type trusted registered
[  518.745372] Key type encrypted registered
[  518.750554] device-mapper: uevent: version 1.0.3
[  518.750614] device-mapper: ioctl: 4.48.0-ioctl (2023-03-01) initialised: [email protected]
[  599.682490] hrtimer: interrupt took 24965 ns
[  832.545952] r8169 0000:01:00.0 eth0: Link is Down
[  845.527825] r8169 0000:01:00.0 eth0: Link is Up - 100Mbps/Full - flow control off
[  846.467804] r8169 0000:01:00.0 eth0: Link is Down
[  848.089514] r8169 0000:01:00.0 eth0: Link is Up - 100Mbps/Full - flow control off
[ 2407.857541] r8169 0000:01:00.0 eth0: Link is Down
[ 2420.398450] r8169 0000:01:00.0 eth0: Link is Up - 100Mbps/Full - flow control off

I'm not knowledgeable about these types of issues, so I'm not even sure the driver is the issue.

If someone has had a similar experience or knows what could cause this issue, I would love to hear it! Have a great day!

(I'm sorry my post isn't very specific about the issue, but I'm not sure how I could better start troubleshooting this.)

View original on lemmy.world
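
Added example, not part of the original post: a small shell/awk helper that turns the "Link is Down" / "Link is Up" pairs in dmesg output like the one above into outage durations and the negotiated speed. The function names link_flaps and sample_dmesg are hypothetical; the sample lines are the r8169 lines quoted in the post.

```shell
#!/bin/sh
# Added example: summarise link outages from dmesg-style lines on stdin.
# Prints "down_at up_at seconds speed" per outage, then a totals line.
link_flaps() {
    awk -v ifc="${1:-eth0}" '
    # "[  832.545952] ..." -> 832.545952
    function ts(line,   t) {
        t = line
        sub(/^\[ */, "", t); sub(/\].*/, "", t)
        return t + 0
    }
    index($0, ifc ": Link is Down") { down = ts($0); isdown = 1; next }
    index($0, ifc ": Link is Up") && isdown {
        up = ts($0)
        speed = $0
        sub(/.*Link is Up - /, "", speed); sub(/ - .*/, "", speed)
        printf "%.3f %.3f %.3f %s\n", down, up, up - down, speed
        n++; total += up - down; isdown = 0
    }
    END { printf "flaps=%d downtime=%.3f\n", n, total }'
}

# The r8169 lines quoted in the post above.
sample_dmesg() {
    cat <<'EOF'
[  832.545952] r8169 0000:01:00.0 eth0: Link is Down
[  845.527825] r8169 0000:01:00.0 eth0: Link is Up - 100Mbps/Full - flow control off
[  846.467804] r8169 0000:01:00.0 eth0: Link is Down
[  848.089514] r8169 0000:01:00.0 eth0: Link is Up - 100Mbps/Full - flow control off
[ 2407.857541] r8169 0000:01:00.0 eth0: Link is Down
[ 2420.398450] r8169 0000:01:00.0 eth0: Link is Up - 100Mbps/Full - flow control off
EOF
}

sample_dmesg | link_flaps eth0
```

On a live system the same function reads `dmesg | link_flaps eth0`.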
selfhosted · Selfhosted · by Hercules

[SOLVED] How to install psql extension (VectorChord) in bitnami/postgresql

Hello,

I'm planning on running a PostgreSQL server on my k3s cluster using the bitnami/postgresql Helm chart & container image. I already set it up for testing and it works really well.

But since newer versions of Immich are moving to VectorChord, I would like to install this extension so I can move my Immich database to this PostgreSQL server.

I already tried to search for how I should/could install an extension in the bitnami/postgresql image, but I haven't found anything useful to me. I'm not a PostgreSQL expert, so maybe I missed some stuff :).

If someone has experience with this or knows in which direction I should look, I would greatly appreciate it.

Thanks for your time and have a wonderful day!

EDIT: Could someone explain to me why I'm getting downvotes for this post? Is the way I wrote it not good? Is it a bad question? Is the software I mentioned unpopular?

View original on lemmy.world
selfhosted · Selfhosted · by Hercules

Questions regarding k8s ingress

Hello,

I have a little homelab that contains a 3-node k3s cluster, which I'm pretty happy about, but I have some questions regarding ingress.

Right now I use nginx as ingress controller and I have the IP of one of the nodes defined under externalIPs. All the nodes are behind the router my ISP gave me, so this is nothing special; in this router I configured it to forward port 443 to port 443 of that IP. This all works as expected; I'm able to access the ingress resources that I want.

But I wanna make some improvements to this setup and I'm honestly not really sure how I could implement this.

  1. Highly available ingress. When the node which contains the IP of the ingress controller goes down, I'm unable to reach my cluster's ingress, since my router can't forward the traffic. What's the best way to configure all 3 nodes to be able to receive ingress traffic? (If needed, I'm able to put it behind something like OpenWrt or OPNsense, but I'm not sure if this is needed.)
  2. Some ingress resources I only want to expose on my local network. I read online that I can use nginx.ingress.kubernetes.io/whitelist-source-range: 192.168.0.0/24, but this doesn't work, I think because the ingress doesn't receive the client's actual IP; rather, it receives an internal k3s IP. Or is there another way to only allow certain IPs to access an ingress resource?

Could someone point me in the right direction for these improvements I wanna make? If you need more information you can always ask!

Thanks for your time and have a great day!

View original on lemmy.world
selfhosted · Selfhosted · by Hercules

Save photos from photoprism encrypted

I'm currently using PhotoPrism for my photo storage, but I wanna host it for friends/family as well. I wanna make sure the users feel comfortable with uploading their photos and have a zero trust setup so they don't have to trust me. Is this a possibility with PhotoPrism or with a similar service? I can't find anything. Thanks for your help and have a nice day!

View original on lemmy.world
