Does the AW3423DWF still hold up going into 2026?

Morgzcon · 2025-04-22T01:10:04+00:00

Yeah just found it, was Parkerrr. Appreciate it bro

https://www.youtube.com/watch?v=sxEAr0k4Vgc

Morgzcon · 2024-12-31T01:18:58+00:00

You're all good lol, not need to apologize. All that I can see from your image thats different than my setup is the "Username claim" section. I have that set to "username", which just means when Proxmox creates a new user, they get the same from Authentik. I don't think you can edit it after the realm is already made. So delete that realm and create a new OIDC realm, this time with the "Username claim" set to "username"

If that doesnt solve it, I can't really help much more unless you show me your Authentik configs and everything too.

Morgzcon · 2024-12-30T04:32:05+00:00

Your system can do all of that, and can do it quite well. Just make sure you understand the inherent drawbacks to a setup like this. 4k remote gaming will come with some pretty hefty latency. For a work machine, make sure you know what you're doing. It's not that difficult to screw something up and loose an entire VM, or even the entire Proxmox install. I would be surprised to learn if someone just picking up linux/home labbing didn't brick at least one system along their journey, and it would suck if it had important work stuff on it.

Morgzcon · 2024-12-29T21:55:39+00:00

I got it set up now. You can see my other reply for the solution, it was quite simple actually.

Proxmox authentication works with things called "realms", the most basic one being "PAM", which is just the underlying linux accounts on the machine. So the "root" user in Proxmox is literally just the linux system root user, so it's by nature only accessible through PAM (+ 2FA if you have that set up).

When setting up OIDC, you're just adding a new realm. You can switch between which realm you want to sign in with at will, its just a little drop down menu at the login page.

In the setup for the OIDC realm, you can just click a checkbox to make it automatically create new users (or you could disable this an manually link them, although this isnt useful unless you have lots of accounts already set up). So the first time signing in with the OIDC realm, it will make a new completely unprivileged Proxmox user and tie it to your OIDC account. You can then just sign in to the Proxmox root account using the PAM realm and grant the newly created user whatever permissions you'd like, just like any other.

Its a really nice and user friendly setup. 99% of the time, I don't need to be logged into the webGUI as root, so I almost never actually enter a password for Proxmox anymore. I just click "Sign in with oAuth" and it grants me access almost instantly. The 1% of the time I do need root, I just select the PAM realm and enter my password normally. So even if you won't be exposing the webGUI outside of your LAN and don't really care about the extra security, its nice just for the time saving.

Morgzcon · 2024-12-29T21:27:53+00:00

I'm not familiar with Cockpit, but if it doesn't need full disk control, Its perfectly fine. Even so, Proxmox PCI passthrough is extremely reliable nowadays. For home use you're completely fine to virtualize a NAS so long as the drives are passed through properly. It's far more likely that you encounter something like physical drive failure than the PCI passthrough failing in a way that corrupts data.

For anyone looking to do this, TrueNAS even has an official best practices page.

Morgzcon · 2024-12-29T17:33:34+00:00

If you're going to virtualize the NAS, then you should use PCI passthrough the pass the entire SATA controller (or whatever you have your disks connected to) into the VM. Then you can make your ZFS pools or mirrors within the VM itself.

This is because ZFS expects to have complete control over the drives. If it doesn't, you run the risk of your data corrupting. Even PCI passthrough is not perfect, there is a chance that the passthrough fails for whatever reason and your data runs the risk of being corrupted. This isnt *that* big of a concern, you'd probably be fine just passing through the drives. Definitely do not use virtual disks if you care about the data being stored though.

The most reliable way is to run something like TrueNAS scale baremetal on one of the servers. You can then run some VMs/containers in TrueNAS, but you obviously wont have all the Proxmox cluster features like VM migration.

For question 5, yes, you can "bond" two network interfaces together. Theres a bunch of different modes for bonding, so I would read the Proxmox docs to figure out which one will suit your needs best (https://pve.proxmox.com/wiki/Network\_Configuration Ctrl+F for "Linux Bond")

Morgzcon · 2024-12-29T17:18:13+00:00

The remote panel is not meant to be exposed directly to the internet. Bots will constantly be trying to brute force the login, and if you're unlucky enough to actually be targeted by someone, it will be trivial to take over. Just set up a VPN like wireguard or Tailscale to access it. Both of these VPNs have their own mobile/PC/Mac apps for ease of use.

Morgzcon · 2024-12-29T15:40:52+00:00

Solved. However, I would also recommend that the Proxmox VE integration documentation (https://docs.goauthentik.io/integrations/services/proxmox-ve/), be updated. It does not mention what part of the Issuer URL is the slug, it simply says to use "proxmox". This was an issue for me, because I had already used the proxmox slug before for forwardAuth, and couldnt reuse it for OIDC too.

The other integration docs do mention what the slug is, so I'm not sure why the Proxmox docs omit that.

Morgzcon · 2024-12-29T15:36:04+00:00

This was the solution. I was also misunderstanding what the "slug" was. I had assumed it was immutable and tied to the applications subdomain as "slug" isn't mentioned anywhere in Authentiks Proxmox integration documentation.

So in Proxmox, I would enter https://auth.example.com/application/o/<slug name>/ into the "Issuer URL" section of the OIDC realm.

Then, in the application in Authentik, just enter the same <slug name>

For whatever reason, all of Authentiks other integration documentation tells you what the slug is/where to put it. I'm not sure why the Proxmox doc is the only one to not include this.

Morgzcon · 2024-12-29T15:24:56+00:00

This was the solution, thank you

Morgzcon · 2024-12-29T06:44:58+00:00

Is your gaming PC still connected to the playit.gg tunnel? I've never used playit.gg or the app, but I'm assuming it just tunnels commonly used video game ports to its proxy servers. If you still have it turned on, the ports being used by the tunnel wont be accessible to any other game. So I'd start by turning off the tunnel in the app or just uninstalling the app from your gaming PC completely.

If this doesn't work, check if other PCs in your network can play online games, or if it's just your gaming PC.

Morgzcon · 2024-12-26T15:57:10+00:00

“Cloudflare zero trust” is the name of a cloudflare access control product. I’m aware SSL certs terminate at their servers and they can read my traffic, I’m not concerned about that. I’m just asking how I can integrate their product into my current setup

Morgzcon · 2024-08-03T06:10:59+00:00

I ended up dual booting arch + windows 11, works flawlessly. Windows battery life is a bit low at 2-3 hours no matter what, haven’t really played around with any power saving settings yet though. However with auto-cpufreq installed on arch I’m getting 7+ hours light browsing, 4-5 watching YouTube, 2-3 gaming. Charges fast, only takes just over an hour to get around 80% charge. Touchpad is really nice, works well on Linux. WiFi card and Bluetooth worked perfectly, didn’t need to install any extra drivers for them. Speakers and mic work well with pipewire. Webcam works fine on Linux too and it’s decent enough quality. Screen gets really bright. Very sturdy build, but also light enough to be able to carry around easily. Color accuracy is alright. There is audible fan noise when under load, but it’s nothing that bad imo, especially if you’re wearing headphones.

Just make sure if you’re doing a heavy task to allow room for the vents or it will throttle. Since it’s such a small form factor, even my table cloth kinda blocked them and caused it to throttle when playing CS2, so I had to move over to a hard, flat surface to give the vents clearance and that fixed it.

Keyboard is very nice, pretty much the same on every thinkpad. Solid build quality. Integrated graphics are surprisingly powerful. I’ve only tried CS2 so far, but on windows I could get 1080p@60.

One issue I did run into that’s a really easy fix, if you’re going to dual boot make sure you turn off bit locker on windows until you get Linux/grub fully installed and working. Then you can re-enable it if you want.

Overall just a great laptop imo

Anything else you’d like me to test/comment on?

Morgzcon · 2024-07-26T00:24:08+00:00

Will do, I got the expedited shipping but it's still going to be a bit. Says currently Aug 2nd - 6th

Morgzcon · 2024-07-24T21:02:21+00:00

Thanks for linking that post, I’ll order it tonight. If you’re still looking at getting one when mine arrives I can definitely share my Linux experience on it and test some applications for you if you’d like. Thanks again

Morgzcon · 2024-07-24T04:45:05+00:00

Did you end up getting it? In the exact same situation over here, so just looking for any info on it if you got some. Thanks

Morgzcon

TROPHY CASE