Rocket Surgeon
- 4 Posts
- 29 Comments
I own two GL.inet routers. I liked my Flint so much that I bought an Opal for my office and on the road. These machines are well provisioned. The OpenWRT reviews of them say to just leave the stock bootloader installed. I’ve installed all sorts of packages, multiple subnets, VPN, adblock, etc. GL.inet gear is good stuff.
dbtng@eviltoast.org to Selfhosted@lemmy.world • Where can I learn about networking? • English
2 · 5 months ago
Cisco offers a whole lot of free online training as well, on several different websites.
It's kind of a pita to get access in the first place, but it's definitely free, comprehensive, and starts from the ground up.
And of course, they have paid training options on those same sites.
dbtng@eviltoast.org to Selfhosted@lemmy.world • Where can I learn about networking? • English
2 · 5 months ago
Well … How much do you want to learn? How serious are you?
If you want to know networking, the authority is Cisco.
I’m scheduled to take my CCST Network exam tomorrow. That’s an entry-level Cisco cert.
I’ve been studying for about 3 months. Wish me luck …

Junior NetAdmin Cert
The CCST training is online and entirely free.
https://www.netacad.com/career-paths/network-technician?courseLang=en-US

Access
You’ve got to jump through some hoops. You need to create an account and go through some verification.
They need to figure out if you are ‘overseas’ and whether you should be able to download encryption products.
I think it's probably easiest if you use your work email, that’s what they are really looking for.

Cisco U
There’s a shit-ton of free classes at Cisco U as well.
Most of those are not directly cert-related, but a large amount of them were created for people studying for the CCNA, so they are certainly helpful. There’s all sorts of rando training, keep ya real busy. Here’s one I’ve started.
https://u.cisco.com/paths/understanding-cisco-data-center-foundations-20705

Lab Environments
The whole study program uses Packet Tracer for the labs, which you download from them.
I also got a copy of Cisco Modeling Labs running. That was a bitch, had to shoe-horn an OVA to run on Proxmox.
And I got an older edu copy of the Cloud Services virtual router, if there’s anything these other lab environments can’t handle. (This version can be freely downloaded … csr1000v-universal9.03.12.00.S.154-2.S-std.iso)
dbtng@eviltoast.org to Nextcloud@lemmy.world • Why is the official Nextcloud help community so combative? • English
1 · 5 months ago
Heh, try posting on the Proxmox forums. Piranhas will eat you up.
Sorry to hear that tho. This comm doesn’t help much. Got about 5 readers here.
dbtng@eviltoast.org to Selfhosted@lemmy.world • New Community Rule: "No low-effort posts. This is subjective and will largely be determined by the community member reports." • English
161 · 5 months ago
I’ve posted here and had it deleted. So I don’t bother.
The instance I’m a member of had an unused selfhosting comm, and I started using it. Other people did too. Thanks for the shout out.
dbtng@eviltoast.org to Selfhosted@lemmy.world • **How** should I properly document my homelab? • English
2 · 5 months ago
Alright already! I’ll work on my upgrade.
I’m wondering if I should just build a new docker and then migrate the data instead of upgrading in place. I bet that’s the easier thing to do in the end. Sounds safer too. I got backups and all, but …
dbtng@eviltoast.org to Selfhosted@lemmy.world • **How** should I properly document my homelab? • English
1 · 5 months ago
Netbox is a hell of a package, of which I’ve essentially only touched the IPAM, and I don’t even use it programmatically. I just use the web console to keep track of 4 subnets and about 50 IPs.
It’s got a whole virtualization section that I haven’t touched, although that would make my device mapping more sensible. I just treat em like they are all real, and only map the physical nics on the hypervisor hosts.
I do keep text notes in Netbox entries, but that’s sort of a backup. If it's something I’m likely to need to know, I’ll have a note in Proxmox. Usually login links for apps hosted there and the like. And of course I’ve got a folder full of text files with all my deepest secrets.
dbtng@eviltoast.org to Selfhosted@lemmy.world • **How** should I properly document my homelab? • English
3 · 5 months ago
I’m not real clear what exactly you need to document.
Infrastructure documentation starts with an IPAM.
A good IPAM can help you document all kinds of stuff.
I use NetBox.
https://github.com/netbox-community/netbox?tab=readme-ov-file#getting-started
I’m running it as a Docker container on a Linux VM.
I just looked at their latest screenshots, and it appears they’ve done quite a bit with it since I stood up my copy.
It does even more now. I’ll have to upgrade.
dbtng@eviltoast.org to Selfhosted@lemmy.world • I keep waffling on Proxmox. Sell me. For or against. • English
5 · 6 months ago
Cool.
Here. SSH key issues. There was a huge forum war.
https://forum.proxmox.com/threads/ssh-keys-in-a-proxmox-cluster-resolving-replication-host-key-verification-failed-errors.138102/
But it's still a thing. That still needs to be fixed by a human. Today that’s me.
Regarding CEPH and corosync on the same network … well I’m just getting started with that now. I do have them on different vlans, but it's the same 10gb set of nics. I’m hoping if it gets really lousy, my netadmin can prioritize the corosync vlan. I’ll burn that bridge when I come to it.
EDIT … The linked forum post above leads to the SSH key answer, but it's convoluted.
Here’s what I put in my own wiki.
Get the right key from each server.
cat ~/.ssh/id_rsa.pub
Make sure they match in here. Fix em if they don’t.
/etc/pve/priv/authorized_keys
There’s a couple symlinks to fix too, but this should get it.
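
An added example, not part of the original comment: a shell audit for the check described above, comparing each node's collected `id_rsa.pub` against the cluster `authorized_keys` file and flagging keys that are absent or out of date. The file names (`pve1.pub` and so on), the collection directory and the key blobs are constructed for the demo, and it assumes `authorized_keys` lines carry no options prefix.

```bash
#!/usr/bin/env bash
# Added example. Key blobs below are constructed placeholders, not real keys.

# check_keys AUTH_FILE PUBKEY_FILE...
# For each collected id_rsa.pub, report whether the authorized_keys file
# holds exactly that key (OK), holds a different key under the same
# comment (STALE), or has no entry for it at all (MISSING).
# Returns 0 only when every key is OK.
check_keys() {
    local auth_file="$1" pub ktype kblob kcomment rc=0
    shift
    for pub in "$@"; do
        # Public key line format: <type> <base64-blob> [comment]
        read -r ktype kblob kcomment < "$pub" || true
        if awk -v t="$ktype" -v b="$kblob" \
               '$1 == t && $2 == b { f = 1 } END { exit !f }' "$auth_file"; then
            echo "OK ${pub##*/}"
        elif [ -n "$kcomment" ] && awk -v c="$kcomment" \
               '$3 == c { f = 1 } END { exit !f }' "$auth_file"; then
            echo "STALE ${pub##*/}"; rc=1
        else
            echo "MISSING ${pub##*/}"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: three nodes, one in sync, one rotated, one absent.
# On a real cluster AUTH_FILE would be /etc/pve/priv/authorized_keys and
# each .pub a copy of that node's ~/.ssh/id_rsa.pub (paths from the post).
demo() {
    local d rc=0
    d=$(mktemp -d) || return 2
    echo "ssh-rsa AAAAB3EXAMPLEnode1 root@pve1"    > "$d/pve1.pub"
    echo "ssh-rsa AAAAB3EXAMPLEnode2new root@pve2" > "$d/pve2.pub"
    echo "ssh-rsa AAAAB3EXAMPLEnode3 root@pve3"    > "$d/pve3.pub"
    printf '%s\n' \
        "ssh-rsa AAAAB3EXAMPLEnode1 root@pve1" \
        "ssh-rsa AAAAB3EXAMPLEnode2old root@pve2" > "$d/authorized_keys"
    check_keys "$d/authorized_keys" "$d"/pve*.pub || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo; echo "exit status: $?"
```

A STALE result is the out-of-sync case from the comment: the node has an entry, but it no longer matches the key the node presents.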
dbtng@eviltoast.org to Selfhosted@lemmy.world • I keep waffling on Proxmox. Sell me. For or against. • English
4 · 6 months ago
SSH key management in PVE is handled in a set of secondary files, while the original Debian files are replaced with symlinks. Well, that’s still Debian. And in some circumstances the symlinks get b0rked or replaced with the original SSH files, the keys get out of sync, and one machine in the cluster can’t talk to another. The really irritating thing about this is that the tools meant to fix it (pvecm updatecerts) don’t work. I’ve got an elaborate set of procedures to gather the certs from the hosts and fix the files when it breaks, but it sux bad enough that I’ve got two clusters I’m putting off fixing.
Corosync is the cluster. It’s a shared file system that immediately replicates any changes to all members. That’s essentially anything under /etc/pve/. Corosync is very sensitive. I believe they ask for 10ms lag or less between hosts, so it can’t work over a WAN connection. Shit like VM restores or vmotion between hosts can flood it out. Looks fukin awful when it goes down. Your whole cluster goes kaput.
All corosync does is push around this set of config files, so a dedicated NIC is overkill, but in busy environments, you might wind up resorting to that. You can put corosync on its own network, but you obviously need a network for that. And you can establish throttles on various types of host file transfer activities, but that’s a balancing act that I’ve only gotten right in our colos where we only have 1gb networks. I have my systems provisioned on a dedicated corosync vlan and also use a secondary IP on a different physical interface, but corosync is too dumb to fall back to the secondary if the primary is still “up”, regardless of whether it's actually communicating, so I get calls on my day off about “the cluster is down!!!1” when people restore backups.
dbtng@eviltoast.org to Selfhosted@lemmy.world • I keep waffling on Proxmox. Sell me. For or against. • English
12 · 6 months ago
I use PVE professionally. I could spend some time bitching about how it handles ssh keys and the fragile corosync cluster management. I could complain about the sloppy release cycle and the way they move fast and break shit. Or all the janky shit they’ve slapped together in PBS. I could go on.
But I actually pay for a license for my homelab. And ya, it is THE thing at work now.
I’ve often heard it said that Proxmox isn’t a great option. But it's the best one.
If you do try it, don’t bother asking questions here.
Go to the source. https://forum.proxmox.com/
dbtng@eviltoast.org to Selfhosted@lemmy.world • Where can I buy used computers, and are they on a discount now because of Windows 10 end of life? • English
4 · 7 months ago
Hmm. I used to volunteer with Free Geek in Portland OR. It was essentially that, an e-disposal site and we made refurbs for community organizations. But they did have a store for sale to the public.
I have so much computer junk. I got rid of most of it, but then I got a bunch more when we closed the company office. Got at least 10 monitors, 5 PCs, a mini, couple laptops … and a storage shelf to put it on.
dbtng@eviltoast.org to Selfhosted@lemmy.world • Where can I buy used computers, and are they on a discount now because of Windows 10 end of life? • English
82 · 7 months ago
Buy? That’s garbage. Look in garbage places. Used shops of any sort.
I like the college junk store suggestion. I used to do that.
You better watch it. You will shortly have a closet full of junk computer parts.
Ok. Yes, my use case is a private document and media store. I’m ungoogling.
VPN seems like a good place to start. But I’d like a simple answer, and I expect there are none to be had. As you’ve illustrated here, I’ll find a reason to punch holes in the firewall. And then I’m going to need to secure a web server. Life happens. I’ll keep it simple for now while I sort things. Thanks for your perspective.
Ya. I understand VPN. I do enterprise IT stuff. The things I build assume a secure environment. VPN is step one.
Nailing down a web server on the internet tho … there’s so many ways to attack. There’s so many things to secure. And it's a bit complex to manage all that.
The nextcloud site covers hardening the server, but doesn’t even mention vpn.
I’ve been watching threads like this. I’m pretty convinced vpn is the answer.
Well, I might as well put a dog in the fight. I’m considering my final, actually secure deployment of nextcloud.
This discussion has convinced me that a vpn is the only answer.
And almost everyone says wireguard.
K. That's what I will build.
I’ve seen some long discussions from folks trying to secure Jellyfin. Yes, there are a lot of things you can do to secure a web server. But if you want it simple, over and over the answer is one word. Wireguard.
My router does Wireguard, although I did stumble the last time I tried to set it up. I’ll install it on my VPS and get a VPN going.
And this is the start of the longest crypto nerd fight I’ve seen on Lemmy. Well done, people!
dbtng@eviltoast.org to Nextcloud@lemmy.world • Mount External Encrypted Hard Drive in Nextcloud • English
1 · 11 months ago
Where does the drive live? Where does the server live? (Cloud, Local, Colo, etc?)
What mount method are you considering? (NFS, SMB, USB, etc?)
Have you seen this page yet?
https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/external_storage_configuration_gui.html
It says, “The Encryption checkbox is visible only when the Encryption app is enabled.”
So … Go install the Encryption App.

Installed the Audio Player app. It’s a bit less odd for playing music than the Music app.
… but the Audio Player dashboard widget is worse. So I’m using both apps.
I patched from 31.0.8 to 31.0.12 to 32.0.3. No real problems.

I might get around to fixing these. I tried for a while after I upgraded. No luck.
My API Deploy Daemon won't connect and the Websocket looks like I need to install something?
I think I need to do some config on the back end.
The help pages I’ve found for this stuff are all on github.
There’s info there, but they kinda slam through the topic without much explanation.
This is a hetzner default nextcloud setup, so I may well have to refer to their docs too.
My instance works fine; I’m not too concerned about these errors. Any input is very welcome.