that sounds like poor garbage collection in an application.

I’ve written software that had similar issues when writing to files and I failed to “close” the file after writing.

processes stay open, files stay open. 500 byte processes times 10000 orphaned process can make for a bad time.

if you have anything publicly exposed and you’re not using a siem solution you’re gonna have a bad time.

IMO vlans are the nuclear option to network separation.

try setting up some proper firewall rules first. if that doesn’t solve your issue then start going down the vlan route.

some BIOS has auto start up times, so if you’re not using it all the time you could just shut it down and it will turn on everyday at the same time.

make sure you set your containers to start automatically.

is that last one Gary Glitter?

budget? kiln-dried spruce 2x4 and vertical rack rails. they come in multiple lengths.

I built mine like this along with some 400pound rated castors, and some 1/8in MDF sheets to cover it.

I love it tbh. I’ve got all my network infra in its own cabinet inside that has its own cooling vents separate from the servers, that also have their own cooling, that are separate from power dist/batteries that have their own cooling.

been running fine for almost 9 years now.

the sides are paneled so it’s really easy to take one off and do any cable mgmt too.

I have found docker hates locally mounted NFS mounts direct to volume mounts. its kind of like symlinking a symlink of a symlink.

best way I have found that this works is to use CIFS and declare a NAS share to an actual docker volume and then mount that inside the container like any other volume.

personally I would have preferred NFS, but here we are.

it has something to do with how NFS connectivity maintains a connection. it’s not “always on” but is inefficient when it quickly needs to reconnect for a read/write request. or at least something like that.

he only said I was a dumb bitch and hit me because I told him I didn’t vote for Trump. he’s not like this all the time.

when people tell you who they are, listen.

this is great, especially when our government starts tracking everything we do online.

great forward thinking if that was your intention.

“how do I add remote access to my servers?”

don’t.

create a new server that’s accessible via VPN and then access your servers from there. then actively log all connections from that device and alert anytime someone or something connects to it.

what is more secure? a house with twenty front doors or a house with one front door and an alarm on it.

fuck yeah. I’ll happily deploy this to my stack.

I think many people just learned the first lesson of “trust but verify”. 🤣

yes. all of the images I use are cached and stored in my locally hosted gitlab registry.

I think I’ve got around 120-140 images. a lot of what I have is just in case of an emergency.

I’ve always imagined I could build and run technological infrastructure after a social collapse or something, so I have a lot of images that could be a good basis to start with. Most OS images, popular DB images, etc. it would probably never work, but I’d rather have the option than not.

I2P is a secure network protocol. to your ISP it’s just an encrypted stream.

it can work across any network connection. Bluetooth, Lora, ARRL, etc.

the way I interpreted your comment presented the possibility that the ISP would cut services based on the content being hosted, not as a wide area communications disruption.

https://geti2p.net/en/

I2P

pihole has got the best UX for DNS management hands down. it’s easy, not overly complicated, and perfect for entry-level selfhosting.

the fact that it actively blocks ads is a bonus.

I had a r610 running last year. two 1kw PSUs running 24/7. when I migrated to new hardware my monthly electrical bill dropped around $75 a month.

it sits in my rack as a shitty reminder that commercial hardware is cheap for a reason.