I used to back everything up before I broke the 50TB mark. Just can’t justify it now. I even looked at LTO drives for backing up the multimedia but they’re still to expensive for the higher capacity drives. And then you need tapes…

All the truely good content will always be out there somewhere on the net.

The script I use to generate the file lists is very very basic. Nothing special no formatting the lists or anything since it’s just for that oh balls, everything is gone scenario.

ls -alR /mnt/volume1/media > /mnt/volume2/backups/file_lists/media.txt

ls -alR /mnt/snapraid/data* > /mnt/volume2/backups/file_lists/snapraid.txt

Those text files are also part of the files backed up with PBS so I can always go back and restore previous versions of them. You may ask why I generate the list twice? The first is just everything inside the media folder on the volume1 mount point. The second let’s me see what files are on each individual drive so if only 1 drive dies I can just grep the text file and output to another text file and show me what is on that 1 drive.

Ah yes. My storage system is 2 x Supermicro CSE-846 cases. Only one has a CPU and motherboard, the other is acting as a plain Jane JBOD.

Hard drives I have 21 x 8TB 7200RPM mix of Seagate and Western Digital and 4 x 16TB 7200RPM from Seagate. I use mergerfs and snapraid. Mergerfs presents all the 21 8TB drives as one mount point. Snapraid uses the 4 16TB drives to provide 4 parity drives. Note that snapraid is not live and the parity is only updated after running a “snapraid sync” which I run nightly.

I only backup my songs and music videos. The rest is easy to get again. I have a script that generates a list of every single file I have each night. So if the day comes it wouldn’t take too long to get back to where I was. The other reason I use mergerfs is if 1 drive dies, I only lose the files on that one drive and not the entire array. The truely important stuff such as tax documents, mortgage details, family pictures, will & estate documents are stored on a 2 x 8TB RAID1 and all backed up nice a safe using Proxmox PBS. The PBS datastore is synced to 2 remote locations as well as to external drives that I keep offline and rotate.

My Jellyfin library:

1,152 - Movies

552 - Shows

37, 062 - Episodes

491 - Albums

6,558 - Songs

362 - Music Videos

14 - Concert Films

Files are a mix of 1080p and 4K. 264 and 265. Standard and REMUX.

Total space used is currently 149.90TiB

deleted by creator

deleted by creator

deleted by creator

I use a Brultech GreenEye Monitor in my panels to monitor each breaker. Feeds data to a Brultech Dashbox as well as to Home Assistant.

I use Proxmox PBS for all my backups. Datastore is on my file server at home. I sync the datastore daily to a little NAS at a family members house and to a super cheap storage VPS on the other side of the country. I also do a manual sync to an external drive that keep offline at home.

Any super important documents such as tax records, health related files, backup of the data volume from vaultwarden, or anything related to wills & estates get backed up as well to 2 USB thumb drives that are LUKS encrypted. I keep 1 in my go bag and another is hidden somewhere… Thumb drives get updated once a month, or sooner if anything major changes.

No problem. It’s a great piece of software. I have it monitoring logs for nextcloud, vaultwarden, mailcow(postfix & dovecot), basic nginx proxies (just to be safe and for rate limiting). I have 4 OPNsense and 1 Debian bouncers.

I had an issue with so a note about setting up the bouncer on OPNsense. If you have the LAPI on a different machine you can currently only connect OPNsense to it using the command line. The LAPI options in the web interface are for defining the interface to bind to and run the LAPI on OPNsense itself. Which isn’t an issue, I just wanted it on a VM so it’s easier to keep online instead of it going down if the OPNsense it’s on fails. Plus I like to keep SSH disabled on my OPNsense devices and spend a bit of time using cscli on the LAPI VM from time to time.

I’ve been thinking about going this route. What size subnet are you banning? /24?

Only thing stopping me is I selfhost email and don’t want to ban say a whole subnet from Microsoft/Azure and end up blocking the outgoing servers for O365. I’m sure I can dig around and look at the prefixes to see which are used for which of their services just haven’t had the time yet.

Crowdsec with a central LAPI server. You should install it on the servers themselves to monitor the application logs directly. Then every bouncer(firewall, router, edge device) connected to the LAPI will all block the same IPs. I got sick of repeat offenders and upped the ban time to 1 year in hours.

deleted by creator

deleted by creator

deleted by creator

No worries. Better than reading that someone got hacked because they left Jellyfin wide open

You could even run a travel router, mini PC or Raspberry Pi, run the VPN on it, connect the Roku to it over the onboard WiFi adapter. On the PC/Pi you’d force all the traffic from the Roku towards Jellyfin over the tunnel. You could even define the Jellyfin in DNS (/etc/hosts) so the internet will never even know you’re running Jellyfin. Something like https://raspap.com/ or even a openwrt travel router from the likes of GL.iNet would work.

Do not. I repeat do not expose Jellyfin to the internet. It has too many security issues to be directly accessible from the internet.

I use Jellyfin and only access it over WireGuard. I have a mesh setup between the routers at a few family members houses.

If you have absolutely no other way then to expose it to the internet you need to make sure that you whitelist only the approved IPs in your VPS firewall and block everything else.

https://www.recompile.se/mandos

I use this to get wireguard in intramfs. I just skip the dropbear related stuff. https://github.com/r-pufky/wireguard-initramfs

I use LUKS on my systems. I use mandos and wireguard in intramfs to connect to a mandos server to unlock LUKS during boot.

Nope. I’ll stick with OPNsense which is open source.

Thats unfortunate. I simply shared my experience. Been a customer for over 5 years so maybe they’ve changed their on boarding of new customers and the emails that are sent out.