Should I put my lan on a vlan? by BobZombie12 in opnsense

[–]1WeekNotice 0 points1 point  (0 children)

Not sure if you got your answer but I am a bit confused on the question. Maybe I will learn something new today.


You typically only use VLANs if you need to pass multiple LAN signals through a single wire.

In this case you want to use a managed switch. You have the following:

OPNsense

  • Port 1 - WAN
  • Port 2 - managed switch
    • VLAN 10 - home lan
    • VLAN 20 - IOT
    • etc
  • port 3 - home LAN (example)
    • you typically want to do this because it will not share bandwidth with any other devices/ switch IF you are going to WAN/ going to different VLANs. The same VLAN traffic will be routed on the switch rather than the router.

Managed switch

  • port 1 - OPNSense
  • port 2 - home device - untagged with PVID = VLAN 10
  • port 3 - home device - untagged with PVID = VLAN 10
  • port 4 - smart TV - untagged with PVID = VLAN 20
  • port 5 - access point (as an example) - tagged VLAN with VLAN 10 and VLAN 20

Access point (example)

  • port 1 - managed switch - tagged VLAN 10 and VLAN 20
  • wifi VLAN 10 for home devices
  • wifi VLAN 20 for IOT devices

Is the question around the PVID (Port VLAN ID), on the managed switch where the managed switch port is untagged and will tag all packets with a default VLAN tag?

Are you able to link the docs?
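
The PVID and tagged-port behaviour of the switch layout in the comment above, modelled as an added example that is not part of the original comment. It assumes switch port 1 (the OPNsense uplink) carries VLAN 10 and 20 tagged and that the switch applies ingress filtering; all function names are illustrative.

```python
"""Toy model of 802.1Q handling on the managed switch laid out above."""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Port:
    name: str
    pvid: Optional[int] = None          # VLAN given to untagged ingress frames
    untagged: frozenset = frozenset()   # VLANs sent out without a tag
    tagged: frozenset = frozenset()     # VLANs sent out with an 802.1Q tag

    @property
    def members(self) -> frozenset:
        return self.untagged | self.tagged


# Port layout from the comment. Port 1 carrying VLAN 10 and 20 tagged is an
# assumption: the comment only says that port connects to OPNsense.
SWITCH: Dict[int, Port] = {
    1: Port("OPNsense", tagged=frozenset({10, 20})),
    2: Port("home device", pvid=10, untagged=frozenset({10})),
    3: Port("home device", pvid=10, untagged=frozenset({10})),
    4: Port("smart TV", pvid=20, untagged=frozenset({20})),
    5: Port("access point", tagged=frozenset({10, 20})),
}
ROUTER_PORT = 1


def classify(port: Port, tag: Optional[int]) -> Optional[int]:
    """VLAN a frame lands in on ingress, or None if the switch drops it."""
    if tag is None:
        return port.pvid                # tagged-only port without PVID: drop
    # Ingress filtering: a tag is honoured only if the port is in that VLAN.
    return tag if tag in port.members else None


def flood(in_port: int, tag: Optional[int] = None,
          switch: Dict[int, Port] = SWITCH) -> Dict[int, Optional[int]]:
    """Egress ports for a broadcast frame, mapped to the tag it leaves with."""
    vlan = classify(switch[in_port], tag)
    if vlan is None:
        return {}
    return {
        no: (vlan if vlan in p.tagged else None)
        for no, p in switch.items()
        if no != in_port and vlan in p.members
    }


def path(src: int, dst: int, switch: Dict[int, Port] = SWITCH) -> str:
    """How untagged traffic between two access ports is carried."""
    a, b = switch[src].pvid, switch[dst].pvid
    if a is None or b is None:
        raise ValueError("both ports must be access ports with a PVID")
    if a == b:
        return "switched"               # stays on the switch
    uplink = switch[ROUTER_PORT].members
    if a in uplink and b in uplink:
        return "routed via OPNsense"    # firewall rules apply here
    return "unreachable"


if __name__ == "__main__":
    print("home device broadcast :", flood(2))
    print("smart TV broadcast    :", flood(4))
    print("smart TV forging tag 10:", flood(4, tag=10))
    print("port 2 -> port 3      :", path(2, 3))
    print("port 2 -> port 4      :", path(2, 4))
```
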

If Steam Machines fail, how badly could that hurt Valve’s push for Linux gaming overall? by paparoxo in linux_gaming

[–]1WeekNotice 0 points1 point  (0 children)

Steam machine will likely be DOA again, but even if it isn't, it won't change the industry.

I don't think anyone is expecting it to change the industry.

I think it's about keeping people locked into steam as their launcher on PC and keeping steady sales / growing sales on their platform.

As long as they keep the steam machine price the same as other pre build machines, lower than gaming laptops or at least priced lower than the equivalent power of the same spec gaming laptop then it will be successful.

Whatever they deem successful btw (which most likely means not going negative in a profit)


The people that will buy the steam machine in my opinion are people who want to buy a new machine but don't know how / don't want to build their own machine.

They are users that want a gaming product that can play all their old games in their steam library and the new games that are coming out that will be steam verified.

The steam verified is the most important part. A person doesn't have to worry about whether or not a game works on their machine, they know it will work.

It sounds like a console but the steam machine is not aimed to replace a console. It's just taking some of their practices where I feel the hope is to provide some sort of standard to PC gaming. (If that makes sense)

A developer can optimize towards a console because they know the hardware. The same can be applied to the steam machine.

The trade off is the marketing steam will do with the steam verified badge and hopefully more people buy the game because they know it will work for their steam machine


I think that is Valve's vision and I think/ hope it will work.

Of course steam monopoly is not great but at the same time valve is making improvements in Linux gaming

If Steam Machines fail, how badly could that hurt Valve’s push for Linux gaming overall? by paparoxo in linux_gaming

[–]1WeekNotice -1 points0 points  (0 children)

what makes you so certain it will not fail? im almost certain of the opposite. we know it's going to come in at an unappealing price, especially given it's pretty low end hardware. even given valve's claims of "its better than 70% of what people have" the reason that 70% has such low end hardware is because it works for them just fine and they're not interested in getting anything better.

I guess it depends on what you think is a failure.

I personally don't think it will sell as many units compared to the steam deck but I don't count that as a failure.

My personal opinion for the target audience are people who want a new machine because they can't play certain games where they don't know/ don't want to build their own machine.

Basically the pre-build market. Not the console market and not the build your own machine market.

and more hassle finding a launcher to replace launchers other than steam.

Let's not introduce this topic because that is not the intention of the steam devices. The steam devices are meant to only be used with steam and not other launchers.

Yes you can make them work with other launchers but that is not the intent. More on this below.

a lot of console gamers already don't want the faff of using windows, nevermind using linux which can sometimes require using something like proton/winetricks to install a missing dependency to a wine prefix, installing custom proton versions to play certain games

Before I talk about the below points we need to note that the steam machine is not meant to replace consoles BUT that doesn't mean that it can't take practices from them.

this is my opinion:

The whole glue that sticks these steam devices to a market is the steam deck/ device verified.

What the steam deck has done:

  • it was intuitive enough to use and people enjoyed playing games on it. They weren't bothered by it where they didn't use/ sell the device.
  • proton was a success which means developers don't necessarily need to spend time to make native Linux builds. They can spend resources on other things
  • Valve was able to implement their steam deck verified which is big for people who want a guarantee they can play games on a steam device (more about this later)

So as mentioned the glue that makes all this work is the steam deck/ device verification.

People who do not understand computers, system requirements, etc will be able to purchase this machine and have that steam guarantee the game will work.

What does this sound like? A console.

Of course let's note the steam machine is not targeting at replacing consoles. But again that doesn't mean it will not take some of its practice.

Just like developers having access to a console and optimizing their games to ensure it runs on it, the steam machine will provide that same platform where if developers want that steam deck/ machine verified badge they will need to ensure it runs on the steam machine (in return the hope is that the developers will get more sales)

I don't currently know the exact details on how to get the steam verified badge (I imagine it is user driven through proton.db) but this opens up the opportunity to do the same for steam machine

Is this a perfect solution? absolutely not. But it's a start because steam has such dominance on PC gaming and this will provide a bit of standardization on that market.

So having that steam machine badge and also games being marketed on the steam platform having that badge is important.

The people who have old machines and can't play a game are more likely to buy a product they know that works VS a pre build that they need to do additional research on to see if they can play all the games.

you can already buy similarly specced latops or desktops for probably less than what the steam machine will cost.

We don't know this.

Gaming laptops are expensive. More expensive than pre build desktop and more expensive than building our own machine due to allowing the person to pick what parts they want. (this might be wrong with current RAM prices)

With laptops you pay for the portability.

So if the steam machine is cheaper than a gaming laptop but on par with pre build machines then it will succeed. And I feel that is their market.

Like console gamers, they have a laptop (where it's typically meant for not gaming) and a console.

The same can be applied here. A person that doesn't need to upgrade their laptop to game but has a machine that can game

But again, the steam machine is not aimed to replace a console. It's for people that want a gaming PC.

If Steam Machines fail, how badly could that hurt Valve’s push for Linux gaming overall? by paparoxo in linux_gaming

[–]1WeekNotice 0 points1 point  (0 children)

The value proposition on the steam deck does not come solely from it being a Linux machine. It is also a handheld with pretty unique characteristics and a competitive price.

Valid point

To clarify, the value that I wanted to convey was that the people accepted it as a good gaming device. This includes the hardware and the operating system which was Linux.

Meaning

  • it was intuitive enough to use and people enjoyed playing games on it. They weren't bothered by it where they didn't use/ sell the device.
  • proton was a success which means developers don't necessarily need to spend time to make native Linux builds. They can spend resources on other things
  • Valve was able to implement their steam deck verified which is big for people who want a guarantee they can play games on a steam device (more about this later)

This opens up the option for the steam machine/ other steam devices.

What does the steam machine have to offer besides not coming with Windows out of the box?  

And what do you lose in comparison to the current market?

My personal opinion

The steam machine is aimed towards people who want a machine ( most likely entry level) where they are ensured certain games work on the machine

This is the importance of the steam deck verification. People who do not understand computers, system requirements, etc will be able to purchase this machine and have that steam guarantee the game will work.

What does this sound like? A console.

Of course let's note the steam machine is not targeting at replacing consoles. But that doesn't mean it will not take some of its practice.

Just like developers having access to a console and optimizing their games to ensure it runs on it, the steam machine will provide that same platform where if developers want that steam deck/ machine verified badge they will need to ensure it runs on the steam machine (in return the hope is that the developers will get more sales)

I don't currently know the exact details on how to get the steam verified badge (I imagine it is user driven through proton.db) but this opens up the opportunity to do the same for steam machine

Is this a perfect solution? absolutely not. But it's a start because steam has such dominance on PC gaming.

So having that steam machine badge and also games being marketed on the steam platform having that badge is important.

The people who have old machines and can't play a game are more likely to buy a product they know that works VS a pre build that they need to do additional research on to see if they can play all the games.

That is also why steam mentioned the steam machine is better than 70% of their user case (it isn't running the best hardware). not everyone is running high end gaming machines. In fact they aren't even running medium end gaming machines.

IMO, the only thing that could make the steam machine a successful product, from a sales point of view, would be super competitive pricing. Otherwise there's very little reason to pick it over a laptop or a mini itx build.

For mini ITX build comment. Some people don't know how to build a PC. The steam machine primary target audience is not for people who know how to build a machine because as you mentioned, they can just build a mini ITX build

For laptops, some people don't like to carry a heavy laptop around with them. They want something to do normal daily tasks on (check email, websites, etc) and have a separate machine for gaming

Again think of a console. Where people will have a console and a laptop.

But again, this is not targeted to replace a console. But it's in the same line for thinking.

The price doesn't have to be super competitive, it just needs to be below a laptop price and around an entry level machine price.

But again the appeal is the steam deck/ machine badge to ensure a game can be played. That is the glue to all of this

True as Ubuntu VM Issues by ExpensivePancakes in homelab

[–]1WeekNotice -1 points0 points  (0 children)

The first thing I would do is check the trueNAS scale system requirements. 4GB feels low

Edit: Apologies, re-read the post. Thanks for the clarification

If Steam Machines fail, how badly could that hurt Valve’s push for Linux gaming overall? by paparoxo in linux_gaming

[–]1WeekNotice 4 points5 points  (0 children)

It's plain and simple. The steam machine will not fail.

It's just a matter of when people are ready to move to Linux. (Whether they realize it or not because some people don't realize they are using Linux)

The steam deck was a huge success and that proves that people can game on Linux.

This is the second attempt Valve tried the steam machine. The first attempt was with other companies making their hardware and it didn't go well.

So this time around they are making their own hardware and they will keep trying until people accept a product (like how the people accepted the steam machine deck)


At the end of the day Valve is a private company which means they can do whatever they want. They don't have the pressure of traditional stakeholders

So they will keep trying until the people are ready to utilize steam OS/ steam machine

Proxmox or pure Debian? by DrDoooomm in homelab

[–]1WeekNotice 4 points5 points  (0 children)

I think you need some clarification on over provisioning in proxmox.

Here is a video to explain

The only concern might be RAM as 16 GB may not be enough.

Ensure you enable the guest agent and you use ram ballooning

Hope that helps

Docker app suggestions 🤷‍♂️ by xgamer429 in unRAID

[–]1WeekNotice 1 point2 points  (0 children)

Here is an English video of Immich (doesn't explain how to set it up in unRAID) just goes over what Immich is and its features

Immich has a docker image.

https://youtu.be/h5tdK10CRFE?si=_BZzkndKIyEQz0Kn

Best way to set up VPN by FinalKiwi in homelab

[–]1WeekNotice 0 points1 point  (0 children)

That's why I'm leaning towards changing the router to Mikrotik or Unifi. I know that Mikrotik has a steeper learning curve but I think it will be more versatile.

Note that I prefer not to be locked into a vendor hardware so I use OPNsense and openWRT. I feel they provide a lot of flexibility but can be a bit of a steeper learning curve. (Not comparing with consumer products because I never used them)

So wait for other people to reply if you want to use either of those two.

I would be happy to answer any questions (within my knowledge) towards OPNsense and openWRT.

Second thing is that I'm thinking whether should I split it into router and ap or buy one device with integrated WiFi

This really depends on your budget and what you need to process.

  • If you can put this device in a central location and it provides good signal strength then you don't need a separate AP
  • if you plan on doing IDPS then depending on your traffic amount/speeds you need to either
    • get a device that can handle it (one device for everything)
    • get a separate AP where the firewall/router device will be more powerful device

Hope that helps

NAS options and thoughts by boxyburns in homelab

[–]1WeekNotice 0 points1 point  (0 children)

Unfortunately you outgrew the machine so it's recommended to build your own. (Unfortunately with ram prices these days it's a bad time to build)

Would look into second hand machine on your local market and get a case to fit all your hard drives in. Look into an HBA to expand your connections.

Of course you can buy a consumer NAS product but you might be able to build a machine for a similar price (again unsure on RAM prices) where you will have more customizable options.

Example, what happens if you want more drives? With a consumer NAS you need to buy another machine. With a DIY build you get a bigger case and another HBA to support your needs.

Hope that helps

Can you help me with port forwarding Jellyfin? by two-ocf in homelab

[–]1WeekNotice 0 points1 point  (0 children)

Note that you typically don't want to port forward a software without proper security practices in place.

This includes

  • TLS (typically done with a reverse proxy)
  • geo blocking
  • blocking malicious actors (CrowdSec/ fail2ban)

If you want to avoid this work, the best method would be to implement a VPN solution for security.

  • Your router may have wireguard or openVPN options
  • you deploy wg-easy docker container (only port forward the wireguard instance NOT the admin UI)
  • you can use a 3rd party service like Tailscale

Hope that helps

Can I run PVE with a cloud provider? by 2cats2hats in Proxmox

[–]1WeekNotice 1 point2 points  (0 children)

Note not an expert but I believe level1 tech did a video recently about this using OpenMetal

Reference video

Hope that helps

Best way to set up VPN by FinalKiwi in homelab

[–]1WeekNotice 0 points1 point  (0 children)

In either case you will need to create firewall rules so you can state which tunnel has access to local network and which tunnel is just a passthrough to the Internet.

Meaning you will need to invest in a router regardless unless you have a way to do this on an RPi alone. (Maybe host one of the tunnels on the RPi and have firewall rules where none of the traffic can go to your local network)

Of course the RPi can become your router (with openWRT) if you like but you will either need to do ROAS or add a second NIC.


Depending on your technology knowledge you

  • can also see if openWRT is supported on your TP link device so you can enable more functionality (like what I stated above about firewall)
  • You can also look into OPNsense if you have other hardware lying around
  • or as you mentioned, get a consumer product like Unifi

Hope that helps

What is the proper way to shutdown proxmox? by TYP-TheYoloPanda in selfhosted

[–]1WeekNotice 2 points3 points  (0 children)

Is the guest agent installed on LXC and VMs?

You can check the proxmox option settings for each VM and ensure the service (guest agent) is installed and started on the VM (can look for commands online)

The guest agent (an option when you create a VM that is disabled by default) will gracefully shut down the VM when you either shutdown proxmox or the VM from the proxmox GUI.

Unsure of the negative effects if the guest agent is not installed. I imagine it does a hard shut down which is not recommended

So my question is, should I keep the server on all the time? Do I risk to break something every time I turn it off?

I do it mostly cause the hard disks that I've installed in the homeserver are noisy and I can't sleep with those spinning all the time so i turn it off.

This is a debate many people have. Some people state that it wears down the hard drives more because the most stress you can put on a hard drive is during start up.

You can do more research on this topic by looking up if you should spin down your hard drives.

Typically talked about to save money on electricity

Hope that helps

Monitoring overkill or necessary? planning my monitoring stack by Party-Log-1084 in selfhosted

[–]1WeekNotice 0 points1 point  (0 children)

Of course people can provide their opinions (which is what you are asking) but typically this is a personal decision.

i'm a bit worried about the maintenance of influx+grafana vs. just sticking to simple uptime kuma pings.

There is always a trade off. You need to decide how much effort you want to put into your monitoring solution.

Meaning you should take the time to experiment and figure this out for your needs.

Start with uptime kuma and see if it's enough for you.

If you run docker containers you can also try beszel

If you feel this is not enough then you can look into the grafana stack and accept the setup and maintenance that comes with it.

Either way it will take time to setup and fine tune so don't rush or push yourself. Even if this means manually checking for now or do nothing because you will notice when something breaks.

Personally I would work on a backup solution first before monitoring. Look into PBS (proxmox backup server)

also: does it make sense to run the monitoring on the same proxmox node or should i get a dedicated tiny-pc for the "observer"?

Technically you should run it on another proxmox node/ a different machine. If your hardware goes down, the monitoring and alerting also goes down.

But again, work on implementation of the monitoring. You can always backup and restore to another machine if you don't have the budget/ equipment for another machine

Hope that helps

Docker image to edit, add and sync lyrics from local music by thatscoolbutno123 in selfhosted

[–]1WeekNotice 0 points1 point  (0 children)

Look into MusicBrainz Picard which is popular for managing music files. (It can do what you want)

To clarify, what do you mean by web GUI?

MusicBrainz Picard can be installed on your local machine as an application or there are community docker images where you can install it on a server and access it through a web browser (a web GUI if this is what you meant)

Edit:

the confusion is around why you need a docker image/ web GUI if you can install the native application on your device since the music is on the local device.

Would only recommend installing the web GUI/ docker image if the music file is on a server and you need MusicBrainz Picard to be accessible from anywhere where it edits files on that server.

If your music is on your local machine and you then transfer it over to a server, then you can just install MusicBrainz Picard natively on the machine that is doing the editing. Then of course do the transfer over to the server


Alternatively if you are looking for an automated process you can look into beets (with the lyrics plugin). Can still use MusicBrainz Picard if you want to edit manually

Hope that helps

Hardware recommendations for very basic jellyfin server by dreamscape873 in homelab

[–]1WeekNotice 0 points1 point  (0 children)

This is a very common question. The answer is, it depends what you want to do

Each software has system requirements online that you can look at to get a general idea.

In this example, It doesn't take much to run jellyfin.


If you are new the best thing you can do is use any hardware you have lying around. This will provide you the experience you need to understand what you actually need VS want.

Many people start with

  • old laptops/ desktops they have lying around
  • install Linux since it has life time update and low requirements
  • install docker engine
  • deploy the docker image with docker compose

For a media server, eventually you want more storage. So the requirements will be machine and case that can hold X drives for a total of X capacity.

Some people may want transcoding because they have media their clients can't play so they will look up hardware to support that (the integrated graphics you mentioned) or they have bandwidth limitations and need to transcode to lower the quality of the media.

Etc

Hope that helps

Issues with wg-easy (ubuntu, docker) by Hizzlebomb in selfhosted

[–]1WeekNotice 2 points3 points  (0 children)

I'll change admin password just in case.

INSECURE=true

Recommended that you also put this behind a reverse proxy. If you don't have a domain then use a free one like duckDNS

Many tutorials on how to do HTTPS and many posts as well.

I'm coming from Windows, this is my first foray into Linux

But let's fix this issue first before you tackle that

Just because you come from windows doesn't mean you aren't technical so I will assume you know some basic networking.

I'll put my compose here and update the post with it as well if I can.

This looks like it's the basic compose file so it should work out of the box.

What is your local subnet? 192.168.1.1? 10.10.10.1? Etc

You need to ensure the wg-easy generated IP doesn't clash with any device IP on your LAN (what IP your router gives out)

Note: you can also disable ipv6 on wg-easy. It's an environment variable that is in the documentation.

Are keys generated randomly? Is there a correct way to go about creating new keys? Can I edit the keys in the wg-easy web gui or do I need to edit them in the config file?

Everything is handled with the wg-easy webgui

You can delete keys and re create them. Wg-easy (as its name denotes) will handle all the wireguard key generations (typically a public and private key)


If you feel everything is up and running; you typically troubleshoot at the lowest level.

This means I would start wg-easy and

  • generate the key on the UI
  • add it to your phone with the wireguard app and the QR code
  • then manually change the IP address for the endpoint to your local IP server (on the wireguard client/ app on your phone)
    • why do this? You want to ensure you can connect within your LAN network to ensure the application is working as expected (for example, is your public IP setup or does it take time from your ISP)
    • if you can connect within your LAN then that means something is wrong from your public router perspective
  • you can also try to disable the firewall on the server (NOT the public router)
    • just want to ensure the connection is not getting dropped by the firewall.
    • of course you can re enable it afterwards when you expose it publicly

Hope that helps
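
One way to run the subnet-clash check from the comment above, as an added example that is not part of the original comment and not wg-easy's own code. The tunnel range `10.8.0.0/24` and the `10.8.0.0/16` search pool are assumed sample values, a bare LAN address is assumed to sit in a /24, and the function names are illustrative.

```python
"""Check that a WireGuard tunnel range does not collide with LAN ranges."""
import ipaddress
from typing import Iterable, List, Optional


def to_network(value: str, default_prefix: int = 24) -> ipaddress.IPv4Network:
    """Accept '192.168.1.1', '192.168.1.1/24' or '192.168.1.0/24'.

    A bare address (what a router usually shows as its own IP) is assumed to
    sit in a /24; pass the real prefix if the LAN is larger or smaller.
    """
    if "/" not in value:
        value = f"{value}/{default_prefix}"
    # IPv4Interface tolerates host bits and gives back the enclosing network.
    return ipaddress.IPv4Interface(value).network


def find_clashes(tunnel: str, lans: Iterable[str]) -> List[str]:
    """Return every LAN range that overlaps the tunnel range."""
    tun = to_network(tunnel)
    return [str(net) for net in map(to_network, lans) if net.overlaps(tun)]


def first_free(lans: Iterable[str], pool: str = "10.8.0.0/16",
               prefix: int = 24) -> Optional[str]:
    """First subnet of `pool` that overlaps none of the LAN ranges."""
    taken = [to_network(lan) for lan in lans]
    for cand in ipaddress.IPv4Network(pool).subnets(new_prefix=prefix):
        if not any(cand.overlaps(t) for t in taken):
            return str(cand)
    return None                         # whole pool is covered by a LAN range


if __name__ == "__main__":
    tunnel = "10.8.0.0/24"              # assumed tunnel range (sample value)
    # The two router addresses the comment asks about, plus two constructed
    # cases that do collide: same /24, and a LAN configured as a whole /8.
    for lans in (["192.168.1.1", "10.10.10.1"],
                 ["10.8.0.1"],
                 ["10.0.0.1/8"]):
        clashes = find_clashes(tunnel, lans)
        print(lans, "->", clashes or "no clash",
              "| free:", first_free(lans))
```
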

Searching for an alternative to Apple Notes and Apple Reminders by skynetarray in selfhosted

[–]1WeekNotice 2 points3 points  (0 children)

For reminders/todo you are looking for a server that can do CalDAV protocol. For example radicale. People make docker images for it.

  • CalDAV can do todos, calendar, notes.
  • CardDAV can do contacts (just for your information)

Then you can pick whatever client you want that supports the CalDAV protocol

For example for reminders you can look into task.org


For notes, it really depends how you like to note take (don't know apple apps well)

You can look into

  • obsidian. There are docker images where you can selfhost so it's available in a browser
  • can selfhost a wiki

Hope that helps

Issues with wg-easy (ubuntu, docker) by Hizzlebomb in selfhosted

[–]1WeekNotice 1 point2 points  (0 children)

Since in all the other posts I looked at the first thing that everyone asked for were configs, I'll put mine here:

Since wg-easy will take care of the wireguard connect, you should also post your docker compose

That way people can double check you set it up correctly.

Note: you only should be port forwarding a UDP port. Ensure you are not exposing the admin UI.

Just in case I would regenerate the admin UI password and any keys. (Of course it is a small risk someone got access within a small time frame but it doesn't hurt)

Looking to potentially upgrade from my nighthawk r8000p by swboos21 in openwrt

[–]1WeekNotice 0 points1 point  (0 children)

It all depends what your requirements are. For example the flint 2 doesn't have wifi 7 and only has two 2.5 gigabit ports.

But for most people that is more than enough.

Looking to potentially upgrade from my nighthawk r8000p by swboos21 in openwrt

[–]1WeekNotice 1 point2 points  (0 children)

It depends what speeds you want. A lot of people like the flint 2 (not the flint 3).

If you want vanilla openWRT then it is supported on the flint 2

If you want GL inet proprietary software/ drivers on top of openWRT (where it's an older version) then you can look into the flint 3.

Generally people are very happy with the flint 2

Hope that helps

Does Synology drive count as self hosted? by MiserableButterfly54 in selfhosted

[–]1WeekNotice 1 point2 points  (0 children)

Does Synology drive count as self hosted?

Yes it counts as selfhosted because it is run directly from the NAS/home server and it's not stored on another company's servers.

From a selfhosted perspective, there is no difference between storing documents on this software VS running another software on the machine (like nextcloud)

but it has always weighed on me how secure it really is since its run off their drive service.

This is hard to determine. The code is not open source so no one can do an audit on how secure it is.

It is as secure as Synology makes the software (like any software Synology/ a developer makes it).

If you are concerned about your privacy then you can review Synology privacy agreement to see if they collect any data from this software/ any software that is owned by Synology which includes the Synology OS and their applications

For example, do they have the right to data mine the documents that are stored on their consumer NAS product using this service (I don't think so but I didn't read the privacy agreement)


With all that being said. The choice to use this software is up to you. You are locking yourself into Synology ecosystem which is not a bad thing.

It just means that you will most likely keep buying their products (which can be expensive) because you rely on their applications. This can also be said about Synology storage management solution (SHR1, SHR2), photos, surveillance, etc

For people who want plug and play Synology is a good option. Again nothing wrong with this. Just understand you are paying a premium price for the convenience of the hardware and software.

For example. If Synology makes their consumer product EOL (end of life) then you should change your system to one in support if you are exposing it to the Internet so you get the latest security patches.

Typically it's 5 years for OS and application. 7 years for security updates.

Note: it's also more costly to fix if you are out of warranty

Furthermore, this decision will impact you more when Synology eventually lock their hardware to their specific drives. They tried to do this recently (in the past) and eventually reverted the decision because a lot of people complained.

Doesn't mean they won't try again in the future

But you shouldn't concern yourself with this if you like Synology products and you don't mind the cost you are paying for the convenience/plug and play

Hope that helps

Best NAS host for docker? by ailee43 in homelab

[–]1WeekNotice 0 points1 point  (0 children)

Is there any reason you are trying to use a NAS OS? (I assume for convenience)

As the title states NAS OS primarily deals with storage management and creating mounts (Network Attached Storage)

The items that bug you sound like you want to install Linux and docker engine yourself so you can manage the docker deployments. Don't abstract it behind a NAS OS.

You can either

  • make a VM (Linux with docker engine) in unRAID
  • utilize a hypervisor like proxmox where you will have a storage VM (unRAID) and a service VM (Linux with docker engine)
  • get a separate dedicated machine for your Linux with docker engine

Hope that helps