seanho
seanho
Comments
-
Thanks, Ant, for the memoir. Except for the idea to expand NAT LES to help third-world users (which would have been really interesting!), everything else was not a surprise to those of us who've been around LEB/LET for a while. I'd be in favour of allowing volunteer mods for day-to-day policing, while keeping a core of…
-
What do you want from your storage? Web interface and WebDAV? Nextcloud. Windows remote mount? Samba over Wireguard / OpenVPN. Fancy distributed fault-tolerant stuff? Gluster, minio, Tahoe, Moose, etc.
-
@freerangecloud has regularly-priced VMWare in Vancouver (Harbour Centre, I think?). DC space in western Canada isn't cheap. If Seattle works for you, that may be an alternative.
-
I've had an 0.5TB biennial plan with them since very early days, grandfathered 1Gbps and (slightly) higher iops, still OVZ6 to this day. Only used them for last-resort DR with a remote-dmcrypted loopback device. It's slow and has had short downtime, but it does work. Letting it go when the final renewal allowed at the…
-
I'm running k3s 1.19 on my home lab, yes. I haven't gotten to the point of building a cluster of VPSes yet (but I plan to). On home lab I have 128GB of RAM per node and plenty of disk, and so haven't paid much attention to install size.
-
K3s 1.19 has now reverted to using etcd just like upstream kubernetes. For a long while they didn't have HA, then they tried dqlite, then just gave in to using etcd. You can still use external DB if you like.
-
I agree that k8s is the way forward instead of swarm, but there are still a lot of swarm installations out there. Just a small correction: no pod without a matching tolerance is scheduled on nodes with a given taint. The terminology is super confusing.…
-
Thanks Tom, I love chatting about editors; I think the UX of software dev is so important! All those little quality-of-life improvements help smooth over the tedious busywork and reduce interruptions to the flow of thought. I was pretty heavily into emacs way back in the day, did some elisp hacking, then somewhere around…
-
Probably best way to do that is via CPU request
-
Excellent pricing for storage!
-
I agree that doing things incrementally and planning on a long-term relationship has the best chance of a positive outcome for the front-line folks that'll be using the system. Baby steps, low-lying fruit, and easy wins. As with most such projects, the technical side is ridiculously simple; everyone and their dog has a DB…
-
2FA via PAM should work just fine in combination with pubkey auth for ssh
-
I think LES is doing well as it is. I don't think there's a need to chase after more traffic, just let it continue to grow organically. Deals will naturally bring in folks. I'm also undecided about more newbie tutorials; DO, Linode, etc have that pretty well covered. One thing I like about some other forums is the communal…
-
There's always buster-backports, too. My laptop is running buster but with the backports kernel, in-tree wireguard, managed by systemd-networkd.
-
Debian bullseye also uses kernel 5.7, which includes wireguard in-tree (as of 5.6), so no dkms needed.
-
IIRC they had a similar deal before for .ink, which is another TLD they own.
-
https://www.amazon.com/StarTech-com-Open-Frame-Server-Rack/dp/B00P1RJ9LS How much depth do you have to work with? R210ii, CSE-512, and similar are around 16" rack depth, but most full servers need 26-30" for the rails. Network and A/V racks / cabinets are shorter but really constrain your selection of chassis. Also many of…
-
http://www.orgzly.com/ It's what I'm using now. I'm not in love with it, but it works. I still can't get used to the org-mode way of writing links; I know it predates markdown.
-
SuperMicro 846 or similar 4U, SQ PSUs, swap the case fans for Arctics, use active tower coolers to compensate for the reduced airflow. It's a bit janky but works. I do something similar in a few cheap Rosewill 4U cases; the loudest noise is from the 7200rpm drives. Just avoid anything 1U! ?
-
For DB, my inclination would be to do the HA/failover in the DB, e.g. Postgres streaming WAL replication. Each DB server stores its data on local SSD. You can still use k8s for deployment / lifecycle management of the DB services.
-
All I saw is terrible cable management... ;) I have a 36U rack in my basement with a k8s cluster, five dual-E5v2 nodes plus a couple SFF desktops, 10/40Gb networking. My storage needs are not so big, more compute. My rack is nothing compared with some of the folks in r/homelab . Most of the folks in our community at…
-
Unraid doesn't pass TRIM, last I heard. Most folks use it with an array of spinners, plus SSD cache. For 4x NVMe, perhaps zfs pool of mirrors (raid10), depending on your needs.
-
Yes, if you're torrenting a lot it can prematurely wear out both HDDs and consumer SSD. One idea is to get a cheap, used, enterprise 10k SAS HDD (plus HBA) just for torrent/seeding; those are pretty sturdy. Enterprise PCIe/U.2 NVMe can have very high DWPD, too. Or just get a dedi seedbox. I do have to say that since I…
-
LunaNode has load balancers, you just pay $1/mo for the floating IP.
-
Minimize the attack surface as much as possible. If Exim is listening on port 25 and has a CVE, or you haven't updated it in a while and your old version has a CVE, your VPS will be pwned within days, or sometimes within minutes. tcp/4140 is assigned to Cedros fraud detection; does anyone actually use that?
-
Doing the rate limiting directly in zfs is probably the best. In addition, you might investigate piping it through pv with the -L option.
-
Oh man, I did a fair bit of Perl hacking, back in the day; this brings back memories. When Perl 5 came out, it was like the sky was falling -- what was a scripting language doing with OO? There was a time when I really bought into the "literate programming" idea and tried hard to make my code read like English ... all a…
-
Metal detector around the trench?
-
Not fond of Authy being closed source. I've used FreeOTP for a while but it's ancient. Many password managers nowadays have TOTP built-in; e.g., KeePassDX on Android. Even with good old Google Authenticator, root the phone and use Titanium Backup to backup GA's database.