As of Pop!_OS 22.04 LTS, there is no option to set up disk encryption when using custom partitioning during the installation process. You have to choose between using the entire disk with encryption or using custom partitioning without encryption. This is unfortunate since disk encryption is important and custom partitioning allows for advanced setups like dual booting, separate
/homepartitions, or installations that span multiple disks. With a few command line tools, it’s possible to install Pop_OS! with disk encryption and custom partitioning.
I recommend everyone to use a YubiKey as a second factor authentication method for increased security. After a fresh installation of Pop_OS!, the YubiKey authentication in Firefox doesn’t seem to work (I assume the same holds true for Ubuntu and its other derivatives like Linux Mint). The solution is easy: With a simple
sudo apt update && sudo apt install libu2f-udev, the necessary U2F libraries are installed and the YubiKey will start to work. Stay safe on the Internet, everyone!
Home Assistant doesn’t provide a built-in capability to track the amount of time that your furnace or A/C runs each day. Tracking this can be useful to understand your heating/cooling needs and maybe reducing them. This functionality can be added with a template sensor and history statistics. This guide assumes that you have a thermostat in Home Assistant that is exposed as a
climateentity (like most climate integrations are).
Unit conversions in Home Assistant are not straight-forward, but easy to accomplish. For my use case, I have a sensor that exposes a temperature only in Celsius, but I want to show it in Fahrenheit in the Home Assistant UI.
Scrutiny is a tool that collects SMART hard drive data and exposes them through a web UI (read more about SMART on Wikipedia). You can run a central Docker container that contains the database and web UI. Data collection agents on multiple clients will collect the data and send it to the central instance. This will provide a single interface to monitor all hard drives in all servers. I’m using it to monitor my TrueNAS disks and the NVMe drives in my Debian servers.
I have one UPS which powers two servers, one TrueNAS storage server and one Debian server. While the UPS is connected via USB to the TrueNAS server, I also want to shut down the Debian server when the UPS reaches low battery. In order to achieve this, the TrueNAS server has to communicate the UPS status to the Debian server. Network UPS Tools can do that and is supported by both TrueNAS/FreeBSD and Debian. This guide also applies to a Proxmox hypervisor which doesn’t have any special built-in support for UPS devices and should be treated like a regular Debian server.
Adding a second disk to the TrueNAS boot pool will increase resilience of the TrueNAS installation in case the original boot device fails - by creating a ZFS mirror (RAID1). This can be easily configured via the web UI or via the CLI. The way of using the command line interface (CLI) is not well documented, so I documented it here.
I have my modem and pfSense router connected to an uninterruptible power supply (UPS) - useful if you live in California with plenty of power outages. Most UPS units beep when they are on battery power during power outages. Assuming that you have enabled email notifications for the UPS (Services → UPS → UPS Settings → General Settings → Enable E-Mail notifications), it is not really necessary since you will receive an email and the beeping is just annoying. In this guide, I show how to disable the beeps using pfSense.
The Home Assistant Operating System (HAOS) has a couple of advantages over the other installation methods, Home Assistant Container and Core. It includes among other things the Supervisor, add-ons, and backup functionality (detailed comparison). Using the official virtual machine image that is built on top of Alpine Linux, you can get Home Assistant OS running on Proxmox in a few minutes.
When connecting low RPM Noctua fans to a Supermicro motherboard, I noticed that the fans were repeatedly ramping up and down every few seconds - essentially cycling between “normal” RPM and maximum RPM. This is because the normal operating RPM of these fans is below the default threshold of 500 RPM, and the motherboard will go into a critical state and ramp up the fans to maximum RPM. It can be fixed by setting new thresholds on the Supermicro motherboard that fit the low RPM fans. By default, these server motherboards expect high RPM fans, as used in server racks.
You can use a free Let’s Encrypt certificate for your self-hosted Plex Media Server VM. With Certbot and a simple Bash script, this will provide a secure connection without certificate warnings. It will also auto-renew certificates. I’m using Debian Bullseye, but this will work on any Linux distribution.
I run Debian 10 Buster on all of my Proxmox VMs. This week, Debian 11 Bullseye was released, so it’s time to upgrade. You can check with
cat /etc/os-releasewhat OS version you’re running at the moment. For further details on the upgrade process, check out the official Debian upgrade guide.
I run my Plex Media Server on a Debian VM. I think this is the easiest way to run a Plex Media Server and I prefer it over the Docker container version. I’m using a Debian Buster Proxmox template to set up the base VM quickly.
Proxmox templates together with Cloud-Init can be used to quickly deploy new VMs. A template quickly creates a new VM and Cloud-Init will initialize the new VM so that you only have to set the host name and the initial user account. No more installing the operating system from scratch for every new VM. In this guide, I’m describing how to do this with Debian Buster to spin up headless Debian servers.
If you decided that you want to move away from Gmail, you can migrate all emails from Gmail to a different IMAP server. Using the tool
imapsyncthat’s an easy task. It transfers emails from one IMAP server to another and preserves all email data including headers, attachments, timestamps, and folder structure.
To administrate Ubiquiti network equipment you can either buy a UniFi Dream Machine/Cloud Key or host the controller software yourself. This can be done on almost any Linux host, e.g. in a FreeNAS Jail or on a Debian server - both physical and VM. Unfortunately the current UniFi Network Controller (version 6.1) requires some older versions of MongoDB and JVM which makes the installation procedure on a modern Debian 10 “Buster” a bit more complicated.
Using the HAProxy package in pfSense you can set up a simple reverse proxy and SSL offloader on pfSense for your self-hosted applications. pfSense 2.5.0 supports a TLS 1.3 only configuration with maximum security for modern clients. By default, HAProxy offers TLS 1.0 and TLS 1.1 which are considered insecure and should be disabled.
If you max out the upload bandwidth that your Internet connection provides, you might experience degraded performance on your pfSense router. You will see high latency/ping (RTT) and high packet loss. The clients accessing the Internet will experience slow-loading web pages, distorted video/voice calls, and unresponsive behavior. This is known as bufferbloat and is basically traffic piling up on the router due to the Internet upload bandwith being limiting to outgoing traffic.
You can use a Samba server to share music from your file server with Sonos. Unfortunately Sonos only supports the outdated and insecure SMBv1. You should not enable SMBv1 on your main file server (e.g. TrueNAS) for security reasons. An alternative way to share the music is to use a simple Docker container to share files via the SMBv1 protocol. I use this setup to share music files from my TrueNAS server to my Sonos which keeps music files local and works without an Internet connection.
An NFS share can be directly mounted in a Docker container. This is a much cleaner way than mounting the NFS share on the Docker host first and then mounting the host directory in the Docker container. With docker-compose, it is very easy to configure an NFS mount.
You can use UniFi networking gear to bridge two areas of wired networking with a wireless connection. This is a good solution if you live in a home where you can’t run wires between rooms. The setup is relatively straight-forward and I was able to achieve throughputs of 360 to 460 Mbit/s for both upload and download. This is far from wired throughput but still pretty good for a lot of use cases.
It’s important to back up your data. The backup is ideally stored on an encrypted drive so that nobody except for yourself can access your data. This is especially important for removable USB drives because they can more easily get lost or stolen. In this guide I use Linux Unified Key Setup (LUKS) for encrypting a hard drive (which can be an external USB drive but also an internal drive). This is supported by pretty much any modern Linux system, so it’s easy to take your drive to a different computer and access the encrypted data.
After a Manjaro Kernel upgrade the Windows 10 entry in GRUB disappears sometimes so that Windows can’t be booted again.
You can use the UniFi Network Controller to administrate Ubiquiti network equipment from a macOS/Linux/Windows client if you have a Dream Machine or Cloud Key. But there’s another way: Using the FreshPort unifi5 it’s possible to install the controller in a FreeNAS jail so you don’t have to run a server 24/7 for this specific purpose. This FreshPort is not an official Ubiquiti package but as of July 2020 it’s well maintained.
To collect metrics from multiple Raspberry Pis or other Linux servers in a central location, the Netdata/InfluxDB/Grafana stack is a good solution. Netdata will collect the actual metrics and send them to a central InfluxDB instance. A Grafana dashboard will display the metrics.
The goal is to stream music from my Audio-Technica AT-LP120-USB to my Sonos system without using a Sonos Connect, Sonos Port, or Sonos Amp. The instructions should work for any USB turntable or USB soundcard.
subscribe via RSS