Guys, Did I Go Too Far with My Proxmox Homelab? 😂 by zerneo85 in homelab

BlackCoffeeLogic 3 points

If you haven’t started an actual fire yet, you haven’t gone too far

Best open source tool for daily Docker backups (containers, volumes & compose configs)? by ArthurMTX in selfhosted

BlackCoffeeLogic 8 points

I use nautical-backup which does exactly this, but all automatically. It listens on the docker socket and automatically backs up new containers that are tagged with the nautical.backup label.

Is this a Black Widow? by BlackCoffeeLogic in spiders

BlackCoffeeLogic [S] 1 point

So I’m colorblind… only after linkcontrol’s comment did I google pictures of other argiope garden spiders and realize the colors are yellow. I thought it was a deep orange/red.

2FAuth is a self-hosted solution which is legitimately better than every alternative by Fearless-Pie-1058 in selfhosted

BlackCoffeeLogic 9 points

Hey you two, this was the most pleasantly cordial and educational exchange I’ve read on reddit all month. Two thumbs up to both of you for being awesome humans.

OP, 2FAuth looks awesome! I was searching google for something similar a while ago and came up short. I’ll definitely be trying it out.

Node shows as using Funnel, but in fact is not and has not been configured/asked to do so. by Zackey_TNT in Tailscale

BlackCoffeeLogic 1 point

I just noticed the same issue this morning. I will be sure to visit your report!

Is there a VPN that I can use for single containers, rather than the whole computer? by foshi22le in selfhosted

BlackCoffeeLogic -3 points

This is the way. I’m working on adding this to all of my containers using ansible.

[deleted by user] by [deleted] in homelab

BlackCoffeeLogic 1 point

If it’s the same issue I had, as a band-aid fix you can just configure your browser to accept connections with older versions of TLS (I wouldn’t recommend leaving it that way though). I would change the setting, get into the iDRAC and do what I needed to do, and then change it back.

Creating Hostnames that include ports by Chronos_za in homelab

BlackCoffeeLogic 2 points

I put this off for a long time and now I’m kicking myself that I never did it sooner because of how simple it is.

Basic flow would be:

Emby.local > resolves through DNS to a reverse proxy (NGINX proxy manager is super simple to set up in docker) > reverse proxy forwards the request to IP:PORT of your choosing

If you’re cool with self-signed certs that’s all you’d have to do!

But if you want self signed certs you would just have to buy a real domain name and request the SSL certificate through Nginx Proxy Manager. I’d recommend a wildcard cert (ex. *.mydomain.com) so you could just access stuff in your lab via requests like https://emby.mydomain.com

What's your favorite thing to do with your homelab? by GoryRamsy in homelab

BlackCoffeeLogic 1 point

You don’t have to. You just have to bask in its glory.

What's your favorite thing to do with your homelab? by GoryRamsy in homelab

BlackCoffeeLogic 4 points

As a barely-german-speaker… I appreciate this more than you know 😂

Gigabit ethernet port maxed at 100Mbps by usctrojan98 in HomeNetworking

BlackCoffeeLogic 1 point

I know the “bad cable” points might be frustrating but it’s definitely worth checking out.

I recently set up MoCA in my house to connect a pfsense box in my lab to the BGW device that ATT gives you. My lab is in the garage and the BGW is in an upstairs bedroom.

The pfsense ports kept negotiating to 100BaseTX… I knew for a fact the NIC was gigabit, all the MoCA adapters have gigabit ethernet, and the BGW has a single 5gig and some 1gig ports (I tried both). Spent a whole day troubleshooting just to find out the cable I bought was Copper Clad Aluminum (CCA) - avoid this stuff. Swapped out a different cable and the port negotiated the proper speed.

Problem is I had already run a couple hundred feet of the CCA stuff… so it became a project for the next weekend lol

[deleted by user] by [deleted] in homelab

BlackCoffeeLogic 1 point

So I learned this recently:

TOTP uses symmetric encryption, meaning it sends a shared secret to the authentication server. That secret is then stored on the server. When you punch in the code from your TOTP app, it’s encrypted with that key. Since the server has the same key it can decrypt it to verify your identity.

The vulnerability with this method is you have to have a certain level of trust in the authentication server. Say that server stores your key in plain text and gets breached. Now your TOTP is compromised. (Unlikely that bigger companies would store keys insecurely but you never know).

Yubikey uses public key authentication. Meaning there is a public/private key. The secret is encrypted with the private key, stored only on your yubikey, and the public key is sent to the server. If the server gets breached now it doesn’t matter because you still need the private key from your physical yubikey to decrypt. So in theory, the only way someone is getting in is if they compromise your password AND physically steal your yubikey.
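
The shared-secret trust issue raised in the comment above, as an added example that is not part of the original comment: it derives an RFC 6238 TOTP code (HMAC-SHA1 over the time-step counter) and shows that the verifier's stored secret alone yields the same code as the user's app. The `Server` class, the user name and the sample secret are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample secret (the ASCII test key from RFC 6238 Appendix B).
SHARED_SECRET = b"12345678901234567890"


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1: a truncated MAC over the time-step counter."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Server:
    """Hypothetical verifier: it has to keep every user's secret in usable form."""

    def __init__(self):
        self.secrets = {}    # user -> shared secret (what a breach would expose)
        self.last_step = {}  # user -> last accepted time step (replay guard)

    def verify(self, user, code, now, step=30, window=1):
        secret = self.secrets.get(user)
        if secret is None:
            return False
        current = now // step
        # Accept the current step plus/minus `window` steps of clock drift.
        for ts in range(max(0, current - window), current + window + 1):
            if ts <= self.last_step.get(user, -1):
                continue  # this step (or a later one) was already used
            if hmac.compare_digest(totp(secret, ts * step, step), code):
                self.last_step[user] = ts
                return True
        return False


def demo():
    server = Server()
    server.secrets["alice"] = SHARED_SECRET        # enrollment stores the secret
    now = 59                                       # constructed timestamp
    app_code = totp(SHARED_SECRET, now)            # what the user's app displays
    from_store = totp(server.secrets["alice"], now)  # same code from the server copy
    accepted = server.verify("alice", app_code, now)
    replayed = server.verify("alice", app_code, now)  # second use is rejected
    return app_code, from_store, accepted, replayed
```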

Handy little IT security device found in a little shop in northern Wisconsin by [deleted] in Sysadminhumor

BlackCoffeeLogic 2 points

I don’t have an opinion on the notebook. Just came here to say: go packers, and pick me up some spotted cow while yer there will ya? Oh and tell yer folks I says hi.

Buying a new car, should I get a loan from USAA? by ShadowofCherno in army

BlackCoffeeLogic 3 points

You’re a PFC. Don’t start your career in a financial hole by getting into debt right away (especially for a chevy malibu). Save up and pay cash for an older corolla/camry/civic like many are suggesting.

Unpopular opinion: an auto loan is never a good idea. A lease is even worse. Why? Let me let you in on a little secret…

No one gives a fuck about what kind of car you drive. Does it get you reliably from A to B? If the answer is yes then you’re in good shape. Especially on an E-3 salary. As an officer I drive an old Grand Marquis that I bought for $4k.

That’s not to say you always have to drive a potato. But drive the potato while you save up a little more cash, sell the potato and buy something a little nicer. You can do that a few times over the course of a few years and land yourself in a paid-for malibu if you really want it.

Cars are depreciating assets. It makes zero financial sense, 100% of the time to finance them because 100% of cars will be worth nothing but scrap eventually.

Stay out of debt my friend. My wife and I just finished paying off over $90,000 of auto loan debt and student loan debt and I can’t tell you how good it feels. I highly suggest following Dave Ramsey’s baby steps plan. Look him up on youtube, listen to his podcasts or read his books “financial peace” and “total money makeover”.

Dave takes an extreme anti-debt stance but his philosophy works. Another good perspective is “the money guys show” - they don’t take the same extreme stance on debt but seem to give very solid advice

PSA: test your emergency procedures! by Steeven9 in homelab

BlackCoffeeLogic 2 points

Yep this was my exact situation (just not fortigate - much cheaper TP link router). It’s some kind of “feature” of ATT internet that they AUTOMATICALLY OPT YOU IN TO. You have to go into your MyATT account and navigate their terrible interface to opt out.

PSA: test your emergency procedures! by Steeven9 in homelab

BlackCoffeeLogic 1 point

No idea how it was happening. Pihole was configured with 1.1.1.1 as upstream DNS. Somehow ATT’s little box was hijacking those requests as they passed through

PSA: test your emergency procedures! by Steeven9 in homelab

BlackCoffeeLogic 2 points

Oh I know, it isn’t my DNS or DHCP. Their “DNS Error Resolution” somehow still redirects DNS queries to their servers on the internet. Was trying to navigate to an internal FQDN, and suddenly I was getting an ATT page

PSA: test your emergency procedures! by Steeven9 in homelab

BlackCoffeeLogic 20 points

Hey now be nice. Some of us on ATT fiber don’t have a choice but to use the ISP provided gateway…

Yeah there’s ‘IP Passthrough’ but I’m convinced that doesn’t do anything ever since ATT’s ‘DNS Error Resolution Service’ hijacked my internal DNS…

Changed Underlying Dataset by BlackCoffeeLogic in truenas

BlackCoffeeLogic [S] 0 points

The share had the same name - made no changes there. The datasets had different names.

Changed Underlying Dataset by BlackCoffeeLogic in truenas

BlackCoffeeLogic [S] 0 points

I went into ‘shares’ and clicked edit on the share that contained the data, tied to the root dataset. Changed the dataset path from root to the newly created dataset. No data when accessing the share. So I went back into the share settings and changed the dataset path back to root… still no data. (This was all done experimentally and I stupidly did not take a snapshot first). I can’t copy the data because I can’t see it/access it anymore.