I think your bigger problem with that board is going to be that PCIe slot is a PCIe 2.0 x1 slot so it will be slow but you can just use an adapter like this:
https://www.newegg.com/startech-com-model-pex1to162-pci-express-to-pci-card/p/N82E16815158223
Flexible versions exist too! I’m also not sure you would get a lot of benefit out of a GT730 really so YMMV.
Lots of good suggestions here already but what is your upstream DNS provider and is it your ISP DNS from DHCP?
Lots of good alternatives advice already here but I have a couple comets and they work pretty well! They don’t require cloud access except for updates if you want them, I think it has Tailscale built in as well. Their newest one has an HDMI pass through as well which is handy in some situations. I have the PoE version of the other one and it works the same way, the power control kits work too! I also have a jet KVM and it’s fine, I like the comet better I think! They have also open sourced their cloud thing so you can centrally manage them all, it’s pretty neat!
Okay lots of good info here but just to make sure it was clear that you are kinda solving two different but related problems. Connectivity with WireGuard or other VPN and split-horizon or multi-horizon DNS (Wikipedia) which also called a view sometimes (like BIND) and can also be done with two different DNS servers. You can sorta do it with AdGuard but it is tedious to maintain. If you are using a wildcard rewrite it works alright but that isn’t necessarily the same as a CNAME or subzone delegation.
The next pice I’m not sure I saw mentioned is that WireGuard is not like other VPNs in that if two nodes are on the same network they will generally communicate directly peer to peer even over WireGuard addresses so you don’t really need to worry about traffic hairpin like you described unless you configure it to do so (which is more like traditional VPN would act). Tailscale is similar in concept but it uses different terms and technologies.
Anyway not sure if that helped or made it more confusing but there are may ways to solve it so good luck! FWIW, my home network is currently set up with a public zone on a commercial provider. It has a wildcard CNAME to something like proxy.domain and that is an A record containing the WireGuard addresses. Then my local DNS overrides the one A record for the proxy internally which I only get when WG is off. I would rate this solution adequately functional but medium level of janky, 8/10 would use again :D
Okay I saw your previous post but I’m curious now. What happens if you curl your IP address on port 80? Does it send back a 30X redirect for SSL to your newly configured subdomain as the new default location for r do you get back your IP but using SSL?
I had a few ideas, I’m suspicious that handbrake is falling back to CPU, maybe check the logs of the container to make sure it isn’t falling back to CPU decoding. Otherwise here are a few things I would check next:
So I had a few thoughts. I’m not sure that you can use the docker device flag with a directory as you have there, I think it expects a device node, you can pass that directory as a volume (-v) though.
If that doesn’t work you might also try running the VM with host-passthrough mode set on the CPU as well if it isn’t set that way already, sometimes that is also required for pass through to work from my experience. Also, make sure you passed through the whole device node, sometimes there are audio devices you have to pass through with the GPU device or you will get odd errors like those initialization ones you had. I’m not sure if this is the case for Intel iGPU though offhand though. Are you able to use intel_gpu_top on the VM to access the GPU? None of that is necessarily specific to proxmox though (but probably applies to anything libvirt powered) so YMMV.
Edit: I realized you may not know what a “device node” is, that is the full path to the device, like /dev/dri/renderD128 vs /dev/dri which is actually a directory.
I do on some of mine because it makes some of the automation i have for them simpler to maintain when it is also applied to x86 hardware or virtual machines. It used to be a huge pain to use on a pi but it works pretty well these days, especially since about 24.04 I want to say.
Oh it is certainly not just you, I am sometimes confused reading them even for commands I have used for years and I know what flag I am looking for but don’t remember the exact syntax or something hah! I am glad they are there but they are definitely not a complete guide to any command, especially built-ins.
Interestingly, this is something AI has been very useful for to me, less searching because I can describe the outcome I want and it figures out what I am talking about generally.
Okay so the disks aren’t also on UPS? That might actually be even worse than the whole thing getting turned off, ZFS is definitely not meant to be run on removable disks like that.
Okay so when you say “unplug the power” do you mean shut it down first or just pull the plug? The latter is a great way to corrupt your storage pools as ZFS uses memory for read and write cache etc by default. You definitely need to do a graceful shutdown especially if there is data that was recently written to disk, that’s why a UPS is so recommended. That said you can usually import an existing pool when that happens, I think there is a UI menu for it now.
Have you tried adding 239.255.255.250/32 to your outbound subnets variable? This is the multicast address for SSDP which mDNS ultimately relies on if I remember right, I recall having to do this for Plex in the past.
Just to make sure, all of your links need to be in quotes if they are not. The : in a url can make some yaml parsers think that it is another block, there are other URL safe characters in general that are special characters in yaml so it’s a good idea to put them in quotes.
This is a cool idea! This sounds a lot like what DANTE and AES67 or AVB are used for in pro audio (mixing console sends multichannel and outputs can subscribe to one or more channels), maybe they have some ideas on timing sync which I think would be the hardest part as others have said, it is crazy how small of a jitter your brain can hear.
I remember your first post a year or so ago and dang you have been busy, it looks really great. I will definitely be installing this at home to organize product manuals and such.
I don’t have anything to add but I am glad someone posts this every week, I always find something new, so please keep it up :D
Just to add my 2c, I just started using this the other day just as an quick UI for ollama and I was blown away at how many features it has and i think the interface is well done. It’s really a great tool so far and I’ll definitely be using it more going forward!
I know you solved it but for anyone that finds this later this feature/behavior is typically called “NAT Hairpin” in case you are looking for a setting to enable or disable, hope this helps!
+1 for Raindrop, that app is amazing, I keep watching for a self-hosted version/alternative that is as good and they are getting closer. The killer feature for me is being able to highlight stuff and then when you visit the site again you see what you have highlighted (in addition to saving them elsewhere). I also pay for premium because it’s great, I don’t use a ton of the pro features either.
So I am pretty sure that error is happening because certbot can’t retrieve the certificate which is coming from that API no matter what type of challenge you are using (this is what ACME is).
Now when you say you are blocking inbound traffic, have you made an exception for established outbound session return traffic? If not then you your inbound rule will block all traffic because without that exception the explicit deny will typically override any session/stateful based rules your firewall might have by default (this applies to most firewall vendors I have run into).
That said, I’m not sure what your goal is but blocking outbound traffic to those ASN might be more effective for you anyway because your firewall should already be dropping any inbound traffic that isn’t otherwise allowed so I’m not sure blocking inbound traffic really gains you anything but I’m just guessing. Hope that all makes sense!