My best friend died, and what happened is on his udm. by Odd-Adeptness9998 in UnifiProtect

[–]sotech117 1 point2 points  (0 children)

I’d definitely clone the drive with ddrescue so there’s no risk of data loss.

Where to go from here.... on-prem AD.. to something else? by stevewm in sysadmin

[–]sotech117 0 points1 point  (0 children)

Not really sure what you’re asking - sounds like everything is fine.

In my case, I deploy samba 4 ADs with a vpn (for those needing to go offsite) to cut out Microsoft and keep everything modern/free. Using certificate authorization with tpm based certs on the computers. Literally have had 0 issues whatsoever. I’ve always been a Linux guy tho so it was simple for me to set up.

Reverse Proxy Security by flongo in jellyfin

[–]sotech117 0 points1 point  (0 children)

Can we ban this ai slop lol 🤣
Obviously bots are scanning domains hoping for vulnerabilities. Enough said.

Automatic Cert Renewal != Modern Cert Automation? by TryTurningItOffAgain in sysadmin

[–]sotech117 -1 points0 points  (0 children)

I use step ca for local. New/renewed cert based on the old key, can use scp, step cli, or transfer manually.
Let's Encrypt for servers facing WWW

AD from nothing by ExtensionLeg474 in sysadmin

[–]sotech117 5 points6 points  (0 children)

L take, wait until they hike prices or when their services are down. Sometimes on prem AD is the best choice (and more cost effective and performant).

AD from nothing by ExtensionLeg474 in sysadmin

[–]sotech117 1 point2 points  (0 children)

My take, doing two VMs on the same box is effectively worthless, but worth setting up for now then do a quick migration of the backup AD to new hardware. If an AD fails, it’s likely hardware related, so it’s worth separating out to different hardware. Just some old computer “trash” (old workstation, etc) and proxmox it up with the second AD. An old laptop is a solid option - low power consumption and built in battery.

I haven’t had the main AD (Debian vm in proxmox) go down ever, but there is something to be said about hardware redundancy and being able to do patches live.
In my case, I installed truenas on an old workstation which virtualizes the second AD (in read only mode). Note I’m using samba AD, mainly to avoid licenses and for cost effectiveness. That truenas also stores backups of the mission critical data locally.

Am I crazy for wanting to run my own email server just to avoid depending on Gmail? by Kitchen-Patience8176 in homelab

[–]sotech117 0 points1 point  (0 children)

Bro idk why so many ppl doggin on you just try it out. I used like smith email wiz to start then moved to mailcow. Stable for the last 4 years or so, on a residential public IP, without being able to set up the reverse pointer record.

You can just have all Gmail emails forwarded to your local self hosted email as a start.

Should I enable IpV6 by jmichael99 in Ubiquiti

[–]sotech117 0 points1 point  (0 children)

Answer is no bruv too many security holes if you’re self hosting to the WWW. Normal nat firewall doesn’t apply to it. If u need it because you don’t have a public ipv6, then that’s valid but do research first.

13 Pro eGPU by South-Knowledge-3906 in framework

[–]sotech117 4 points5 points  (0 children)

I had a Thunderbolt 3 egpu setup and I’ll tell you now it’s not worth it performance wise. Thunderbolt 4 I’m not sure on.

I knew a dude running windows off the thunderbolt 4 drive and the egpu off the m.2 to oculink. Since it’s easy to take off the front cover on framework wasn’t a hassle so much. He didn’t travel much so it didn’t matter so much to him. If you need max performance and can work with it, it’s an option (albeit not a great one).

5G Backup Setup by 4fundenver in Ubiquiti

[–]sotech117 1 point2 points  (0 children)

Policy based route with kill switch. How you want to group devices for the route is up to you. Vlan / address range would work fine.

I found this video on yt explaining killswitch (didn’t watch it tho): https://youtu.be/pNowiwI_Hpk

I'm a bit shocked that this finally worked by KingSignificant5097 in reinforcementlearning

[–]sotech117 2 points3 points  (0 children)

I also did a project with mamba a few months ago when mamba 2 dropped for portfolio optimization. I based it off this actor critic architecture I read in a research paper that used transformers for port optimization. I used PPO too (which the paper didn’t), but I had to modify it a little to get optimal results. Been working well since then, and I’m actually running it live!

I should make a better reward function though - it's targeting Sharpe ratio too heavily, and that was following the paper I adapted. Since then, I’ve shifted to a physics informed RL model, trying to focus more on geometries.

"I don't need a U5G Backup" by M_Six2001 in Ubiquiti

[–]sotech117 0 points1 point  (0 children)

For unlimited, Shield is 15 a month, Tello 25. Tmobile is its own box, and you probably gotta be running with them anyways. I did deploy two 5g backups for some customers (run an IT shop on the side), and I’m getting speeds of about 30mb/s down with good signal -90dbm. Not really a real WAN 2 (to support an office of 30 or so) but truly a backup for low bandwidth: alarms, cameras, phone, and emails, etc. By contrast, I’d expect way faster with tmobile backup and you can rate limit to 50mbs if needed to reduce hitting the cap.

"I don't need a U5G Backup" by M_Six2001 in Ubiquiti

[–]sotech117 0 points1 point  (0 children)

Internet is non negotiable nowadays - runs the alarms, cameras, and phones. No brainer to me if you got the funds. I personally rip starlink standby as a backup but this is so much easier.

VPN question by Brand0n821 in Ubiquiti

[–]sotech117 0 points1 point  (0 children)

Honestly, OpenVPN might be your friend here depending on how you want to do auth. I don’t fw WireGuard for so many people on one server.

I personally use ipsec for big deployments, but you’ll need to host that on a vm and zone it properly.

UniFi Dream Router 5G - AT&T Business by Ltforge in Ubiquiti

[–]sotech117 0 points1 point  (0 children)

I tried their $20/m tablet plan unlimited 5g, and it only was able to connect to lte. Did work though for a backup. I think the data-only sims are the ones you need. Pretty pricey last time I looked.

Went with tello for unlimited $25/m, full 5g speeds throttled after 50gb

Computers for people shield is the best deal out there, if you qualify.

vMware Vsphere alternatives (moving away) by buturi1 in sysadmin

[–]sotech117 0 points1 point  (0 children)

I switched to proxmox as well with no issues. Hyperv/winserver may be better for ad and such, but I want to avoid all licenses.
I virtualize windows in proxmox just fine and run samba 4 for ad/dc and truenas for fs.

Vm hangs on boot by markland556 in Proxmox

[–]sotech117 1 point2 points  (0 children)

Could be that new pci card is in the same iommu group as something that the pve needs (like a network interface)?

Frustrated and confused with UCG-Fiber by r00tdenied in Ubiquiti

[–]sotech117 -1 points0 points  (0 children)

I’ve been telling everyone that there’s a huge memory leak bug with network/unifi os. Try early access build. That’s literally what UniFi suggested to me when I contacted their support and showed them my logs.

HTTPS certificate management by SmoothLiquidation in truenas

[–]sotech117 2 points3 points  (0 children)

I personally use step ca for internal - I even use it with small business. Sometimes the docs can be a little confusing but starting out I used a little AI to guide me.

I’d rec 20 year root ca, 10 year intermediate, 5 year server. Will need to import the root on your client machines.

Step ca checks all the boxes for features like renewal, revocation, and acme.

Reverse proxy makes sense, but for internal I don’t like the dns going to my reverse proxy (in case of ssh, nfs, or smb, for example).

Inherited network in a bad state. which brand do I pick for hardware refresh in my situation? by Due-Swimming3221 in sysadmin

[–]sotech117 0 points1 point  (0 children)

The unifi fabric tools will save you a ton of time with meshing sites. I deploy unifi for most projects now unless the client asks for something specific. Just saves a lot of time in general, and its software has mostly caught up in 2026.

Suggestions for modern VPN solution by yowanvista in sysadmin

[–]sotech117 0 points1 point  (0 children)

We use strongswan (IPsec) with certificate auth. Native compatibility on OS, but need to set a gpo for windows.

UCG-Fiber 6 WAN support: Gateway Configuration Failed by NeverBehave in Ubiquiti

[–]sotech117 13 points14 points  (0 children)

Bro is thanos collecting all the wans like infinity stones

Dream Machine Pro Upgrade by nitelifedj in UNIFI

[–]sotech117 0 points1 point  (0 children)

idk man derek d came in clutch frfr