Posts by fredfred

    I won't go into what platform, how much performance you lose running what on where... but I must say running OMV (or anything else for that matter) as a VM makes backup and configuration much simpler.

    If you need to change something that you are not so sure of, use a snapshot or checkpoint or whatever you wanna call it, make the change and if things go bad just go back to the snapshot/checkpoint..

    If the VM is backed up everything in that VM is backed up and configured just like it was when the VM was backed up, so a restore operation of the whole thing (or moving to different hardware) is sooo simple.

    But there are also downsides to this, usually when you back up a VM it's hard to exclude certain things from the VM that you normally would not back up - so if you have a large scratch space, temporary files and what not - those would be included too...


    I run OMV on my Windows machine as a Hyper-V VM, every week I have a PowerShell script that backs it up to another disk and that works just fine for me.

    Then again, I don't have any specific needs for performance and do not need to get everything I can out of the hardware I have, just a simple OMV that shares some files and some light containers that run pretty simple things.

    I've been running omv-upgrade as a cron for almost a year, no problems.

    For all containers I'm using watchtower for the same period of time, and that works good too..

    Both run weekly AFTER a complete backup of the VM running OMV.


    So all my stuff is always updated, and so far so good :)

    Dear all,


    This question may not be directly concerning OMV, but OMV might be part of the solution. If a moderator thinks that this is too "off topic" please toss this post and notify me and I'll take it elsewhere.


    So, where do you guys store your passwords and what solution are you using for it?

    It may not be just passwords but other sensitive data like passport number and other things.


    My thoughts are something like this... If I use a cloud service like Bitwarden or others my passwords are accessible on "the internets" and from anywhere or anyone with my credentials. This may be useful but it also poses a risk. I can imagine that many people are very interested in obtaining not just my credentials but everyone's credentials... and we have seen many examples of data leakage in the past.


    If I setup something local I have to manage everything, configuration, security, backup/restore and all that... If I go this route - what do you suggest and why?

    First off, THANKS for taking the time!


    On my router port 80 is forwarded directly to the docker container, to make sure I shutdown SWAG and connection is still fine.


    I created another Wireguard container, did all the bells and whistles, used the default port and opened the default port on my router and all that... everything connected and works fine. I now tried to PING some stuff and that works too, BUT I cannot even PING the container running Pi-hole. I tried to ping another container (also macvlan) and I cannot ping that one either.

    So, I'm pretty sure it's Docker networking something... but I have no idea what or how to troubleshoot OR solve it.... anyone?

    I do not route Wireguard through SWAG, what I wrote is that I use SWAG on port 443, I use Wireguard on port 80.


    I know that putting 0.0.0.0/0 will allow my clients internet access.


    What I still do not know OR understand is WHY I cannot get my Pi-hole working when changing PEERDNS from =auto to PEERDNS=IP.Of.Piehole

    The ports I use DO work (been running like that for more than a week), I must do it that way to allow access from Public WiFi that usually only allow 80/443, and on 443 I have SWAG running.


    You and I are doing the exact same thing besides I use port 80 to make the connection, and you use allowed IPs to only your local subnet and I allow my clients to escape the local network out to the internet, this is exactly what I want.

    I want my tunnel to always be active and route all traffic from a public WiFi or wherever I am, through the tunnel home and access the internet from my home connection, and part of that is to use my Pi-hole for DNS to remove ads and protect my device from accessing bad things - even when on the run.


    So like I wrote in my first post, everything works just fine BUT as soon as I change PEERDNS from =auto to PEERDNS=IP.Of.Piehole name resolution stops...

    Hmmm apparently I don't :/


    Below is my stack, commented is what I THINK I need to change, am I right?

    I only have my two clients and I have no problem updating them.

    Dear all.

    This probably has nothing to do with Wireguard itself, probably more with docker networking, MAC-VLAN and docker routing...


    I have a Pi-hole in docker set up using macvlan so that it has its own IP on my LAN, this works just fine on my local network with local clients.

    I have a Wireguard Server set up in docker and it works just fine when using PEERDNS=auto, if I change this to PEERDNS=IP.Of.Piehole name resolution stops.

    So... ?


    I am willing to change whatever and also, my Pi-hole was manually set up a long time ago, so far ago that I think I manually set up the stuff in Portainer using technodad method and not a stack. I'd rather get this stuff done right and have it as a stack since it's much simpler that way.

    But to do that right I need to understand why my current setup does not work, and then what I need to do to get this done right.

    Dear all.


    Yesterday I was talking to a buddy of mine who has a problem, how to handle his whole family's pictures.

    They are two adults and two kids, I think they all have iPhones and they take lots and lots of photos, lots. Sometimes they also do recordings and small movies.


    How they do it today.

    Hook the phones with a cable to a computer, copy the photos and remove old and unused stuff from the phones. If they are on a trip when the computer is not with them they have to wait or manually select what to keep and what to remove, imagine trying to get a five-year old to select what to keep and what to delete.


    I have OMV5 with some dockers and stuff so I could either host something for them to try it out, if they like it I can help them build something to run OMV and something more... but what is that something more? Preferably a docker container on OMV.


    So I came to think about this wonderful community and I'm pretty sure some of you do this in a much better way, so let the ideas fly! :D

    I want to run Wireguard and I am reluctant to run it on my OMV host, so I'd like to run it in a docker container.

    Now, been trying to read up on how to do this and found in the fine print that you should set OMV-Extras, Docker, Iptables = Use Legacy

    And... not being that at home in all this stuff.. anyone have some additional info on what this does... and what I could possibly break by doing this?


    Also, if anyone of you have a much better idea on how to do this please let me know.

    Storage spaces kinda have the same problems. <snip>

    I have used storage spaces for a long long time and it has never been slow - are you sure you have not done something to your computer? Like BIOS settings or something? True that "traditional spin-disks" are much slower than SSDs and others but storage spaces on its own has never been slow for me.


    As far as recovering from a faulty disk there are good guides out there and if you want to test what happens if (or when) something fails here's a simple way to play with it...


    Create a VM and install whatever Windows version you are planning to run. Create some VHDX and attach those to the VM, create a storage space on them and add some data to it. Remove one of the VHDX files from the VM and see what happens.

    If you want to emulate that the OS drive failed or the computer exploded but the disks were okay, attach the storage space drives to another VM.


    You can do the same with OMV or whatever OS you wanna run, or on whatever hypervisor - play with VM's - it's fun! :D

    Well now this may be somewhat complicated but will work...


    On your Win10 host, create a storage space and store the data there. Mount that storage in OMV and you should be good (use automount in debian).


    Or run OMV as the host and do whatever you want with disks and things, and run your VMs in OMV that runs your Windows.


    Would that work?

    For a home user with one node, adding that complexity is a VERY bad thing.

    For anyone adding that complexity is a bad thing, keep things simple always, that's good.


    Yes I know you can do very cool things with a lot of stuff, but I would NEVER recommend anyone to do it, ever.

    I have for years played with Hyper-V (and other virtualization technologies) in large and small environments along with Clusters, SCVMM and other stuff, more and less complex environments, and have come to this simple conclusion when it comes to attaching drives as physical devices, it may work but I would not recommend it.


    The whole point of virtualization is that you should be able to move a VM from one host to another without doing anything to the VM. If you create a VM and attach specific physical things (like drives) from one specific host and that host fails you are toast. So no matter what virtualization technology you do use make sure that you don't do what you are trying to do.


    I like that you are running OMV on Hyper-V and this is how I run mine.

    One VM and three disks (normal vhdx files of various sizes all dynamically expanding), OMV just for the OS 10GB, Docker 50GB, Media 1TB.

    Make sure you set your network adapter to a static MAC address, when moving a VM without that setting things can get messed up.

    When OMV is installed install "the drivers" for Hyper-V: apt install hyperv-daemons

    That's about all.


    Now for redundancy... IF you want your OMV to be placed on redundant drives you have a couple of options.

    On your host you can make the drives redundant and then place the vhdx files on those drives.

    If you create vhdx files on separate physical drives on the host you can have OMV use all those files and use those for some form of duplication/raid.

    If you have more than one host you can use Hyper-V replication between the hosts.


    I opted for none of those solutions.

    For simplicity I don't have anything like that, I just export my OMV once a week to a different drive so that if anything fails I have a full copy of the whole VM on my Hyper-V host. If my house burns down I have a copy of that drive at a friend's house, just a simple FTP site I access using VPN.

    So in my case if my hardware fails, all I have to get is another hardware with enough space to run my VM and I'm good to go. That is far simpler than anything I have ever tried before.
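
A weekly export of the kind described in the posts above (the PowerShell backup to another disk, and the note on static MAC addresses), as an added example that is not the poster's own script. The VM name `OMV`, the destination `E:\VMBackups` and the retention count of four are assumptions.

```powershell
# Added example: weekly Hyper-V export with retention. Run elevated on the host.
# Assumed values (not from the original posts): VM name, destination, retention.
param(
    [string]$VMName      = 'OMV',
    [string]$Destination = 'E:\VMBackups',
    [int]$Keep           = 4
)
$ErrorActionPreference = 'Stop'

# Fail early if the VM does not exist on this host.
$null = Get-VM -Name $VMName

# A dynamic MAC address can change when the VM is imported on another host,
# which is the problem the static-MAC advice above avoids.
$dynamic = Get-VMNetworkAdapter -VMName $VMName | Where-Object DynamicMacAddressEnabled
if ($dynamic) {
    Write-Warning "$VMName has adapter(s) with a dynamic MAC address; set a static one before relying on a restore."
}

# One timestamped folder per run so exports never overwrite each other.
$stamp  = Get-Date -Format 'yyyy-MM-dd_HHmm'
$target = Join-Path $Destination "$VMName-$stamp"
New-Item -ItemType Directory -Path $target -Force | Out-Null

Export-VM -Name $VMName -Path $target

# Sanity check before pruning: the export must contain at least one virtual disk.
$disks = @(Get-ChildItem -Path $target -Recurse -Include *.vhdx, *.vhd -File)
if ($disks.Count -eq 0) {
    throw "Export to $target contains no virtual disks; older exports were left in place."
}
$size = ($disks | Measure-Object -Property Length -Sum).Sum
Write-Output ("Exported {0} disk(s), {1:N1} GB, to {2}" -f $disks.Count, ($size / 1GB), $target)

# Keep only the newest $Keep exports; folder names sort chronologically.
Get-ChildItem -Path $Destination -Directory -Filter "$VMName-*" |
    Sort-Object Name -Descending |
    Select-Object -Skip $Keep |
    Remove-Item -Recurse -Force
```

Scheduling this before the weekly omv-upgrade and watchtower runs keeps the backup-then-update order the posts describe.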

    I have two docker containers for this.

    I use Emby for my media files, locally and remotely.

    Access to Emby from outside home is done through a SWAG container (nginx reverse proxy with some bells and whistles).

    So in Kodi at remote locations I just install Emby for Kodi and I'm all good.

    But...maybe VPN might be simpler.


    If your dad is on a Windows client you could set up a VPN profile that automatically connects as soon as the client starts and add the client to start always - so your dad needs to do nothing but use the files.