LIGISTX

I am not entirely sold on this. ZFS is ZFS, but if the goal is long term stability, personally I would trust an enterprise appliance which is TrueNAS. Yes. Truenas is just Debian now, but having the backing of iXsystems for the overall stability of the OS… that does mean a lot for stability. ZFS is where the magic is, but there is importance in doing an abundance of unit testing before pushing updates into production, and an enterprise grade appliance is going to do that better then other solutions.

Then you shouldn’t use unraid. Use truenas, or anything that uses ZFS. ZFS is the best option to protect data for the long term. Why not get a used server system? My old i3 6100 used ECC, I bought a cheap HPE server with the i3, server chipset mobo, and RAM, all in brand new was like 250 bucks back in 2016 just for reference. Maybe pick up a cheap used xeon and mobo from eBay? I would run ZFS before I worry about ECC. ZFS will scrub and compare data across all drives to make sure things don’t “rot”. ECC is helpful for this, but not strictly required. ECC is just one more way to validate nothing gets flipped in RAM. ZFS scrubs are the real answer to this problem tho, and if you are exceedingly paranoid, run Z3 instead of Z2, it gives you 50% more drives to compare data against when doing a scrub.

If this is for work and not homelab, the price of a proper mobo shouldn’t be much of a concern. If you really do need that speed, you probably do need to look at enterprise grade mono’s.

As stated above, a good enterprise HBA will last a very long time. Can it fail, yes, anything can. But I’d trust a supermicro HBA to outlast a consumer motherboard… If you want to go the HBA route, look at Dell h310’s on eBay. Make sure to get one flashed to IT mode, and get one that comes with SAS to SATA cables bundled with it. Usually about 30-40 bucks.

What kind of networking are you trying to accomplish here…? What is connected on the other end that you can pull or send data to at connect x5 speeds? Unless my searches are just incorrect, isn’t that a 100gigabit NIC? If you have something on the other end that is even remotely able to serve or ingest data that fast, I don’t really know why your worried about the cost of going thread ripper. Just put it in a x8 slot, a PCIe 3.0 x8 will still easily do 50 gigabit… What exactly is the use case here?

I would also just go with one large array. No reason not to… less loss to redundancy this way. You can EASILY write or read from a Z2 array at over gigabit networking speeds. There is no point is setting up multiple vdevs for this type of workload. Just use all 10 drives in a Z2 array, or if you want an extra amount of redundancy, Z3, but Z2 should be fine.

Run an Ethernet cable…. If you can get an Ethernet cable to the metal shed, you can install an AP inside without issue. Always run wires whenever possible.

According to your picture, you have an eax12… not an 11. https://www.netgear.com/support/product/eax12/#download

I’d look into unraid if your plan is to increase storage over time. It’ll handle everything you mentioned just fine. Processor is really up to you. How much performance do you need in the VM? You can run the NAS itself off a system from 2010 with no issue…. NAS’s don’t need much CPU. So you just need to determine how much power you need for the rest of what you want to do.

No problem at all. I would just confirm on truenas forums that the 9220-8i works fine, or maybe @Electronics Wizardy will know off hand (I don't, I assume it is fine though). Second, you don't need 2 expanders. You can connect the HBA and the expander with a single cable, plug one of the SAS -> SATA cables into the HBA itself (which gives you 4 SATA drives), and then you have 5 open ports on the expander which would give you 20 more SATA devices if you fully populated the expander with SAS -> SATA cables. Third, the HBA comes with 2 SAS -> SATA cables it looks like, so you would only need to buy 3 more, not 6, to get a total of 5 which is 20 total SATA drives. Fourth, you would only need 1 SFF 8087 to SFF 8087 cable in this configuration.

You don’t need to pass NIC’s through like this. Proxmox will create virtual NIC’s for each VM, each gets its own IP on your subnet, it works great. No need to over complicate that part of it. I run almost 15 VM’s on a single 1 gig NIC on my mobo. Sure, if you have lots going on network transfer wise, that could be an issue, but for almost all home setups, this won’t be an issue especially if you set up point to point 10gig from main workstation to TrueNAS. Also, using the virtIO virtual NIC for the VM’s, proxmox actually just moves data from VM to VM internally and won’t even go out over the physical subnet. So you can easily get 10gig between VM’s even if you only have 1 gig physical connected to proxmox. I run dell H310’s. This one is already flashed to IT mode: https://www.ebay.com/itm/155421555013?mkcid=16&mkevt=1&mkrid=711-127632-2357-0&ssspo=zq9OX4YXQYW&sssrc=4429486&ssuid=B1xTkXm_Qfe&var=&widget_ver=artemis&media=COPY SAS expander I use: https://www.ebay.com/itm/144481548648?mkcid=16&mkevt=1&mkrid=711-127632-2357-0&ssspo=OwHu05S9RzG&sssrc=4429486&ssuid=B1xTkXm_Qfe&var=&widget_ver=artemis&media=COPY There are a few options, and I would do some research as there may be newer models that would make more sense to buy today. I bought all of this almost 8 years ago at this point, but it works perfect for me so I have not needed to think about this since I bought it all. SAS to SATA cable since you will need an extra to get 12 drives working. They also sell 2 packs so could always do that instead: https://www.ebay.com/itm/153572967108?mkcid=16&mkevt=1&mkrid=711-127632-2357-0&ssspo=jFynvEpdSpS&sssrc=4429486&ssuid=B1xTkXm_Qfe&var=&widget_ver=artemis&media=COPY To connect HBA to SAS expander: https://www.ebay.com/itm/164322850606?mkcid=16&mkevt=1&mkrid=711-127632-2357-0&ssspo=CvlQ154ETKC&sssrc=4429486&ssuid=B1xTkXm_Qfe&var=&widget_ver=artemis&media=COPY

Yes, do this. On ebay you can find them already flashed into the required IT mode. This is required for use with truenas since IT mode turns it into a simple HBA and will pass all the drives to truenas for ZFS to manage. SAS expander needs a PCIe lane, but only for power, no data goes through its PCIe slot. I believe my expander can use molex power instead of pcie if you need to get creative... I run proxmox and I pass the HBA through to truenas, this is who you want to do it. You must pass the entire PCIe device through to truenas so ZFS can see the drives directly. You will need to enable IOMMU: https://forum.proxmox.com/threads/where-to-add-intel_iommu-on-and-iommu-pt.131592/post-578296 You could set up a 10gig point to point network between truenas and your main PC. You would need 2 QFSP+ NIC's, and you can get fiber trasnceivers and run fiber between truenas and PC. I do this, and with the homelab in my signature (ZFS 10x4TB drives in Z2) I can read and write at about 5 gigabit (if the data I am trying to read is in ARC, then I obviously get full 10gig reads). Hope this helps - I would say you have some more forum reading and learning to do before you dive to deep :). Definitely don't hesitate to ask more questions, but with the info I provided you should be able to start googling around and finding more info. Homelab and virutalization is the type of thing you really need to put the time into and ask questions when you are unsure - it isn't something any single person can just "tell you exactly how to do" :).

Exactly what others said, but to add a little more detail… Gigabit switches can move data at gigabit on every single port simultaneously. If you had a 2 gigabit internet service, two PC’s would be able to do full gigabit at the same time out to the Internet. But since you “only” (this is still very fast…) have 1 gigabit internet, that will become the bottleneck if multiple PC’s are trying to hit the internet at the same time, but the switch will not be the bottleneck. The router is the device that picks and chooses which devices get priority and does the balancing of speed distribution. Switches are just “y splitters” for the Ethernet cables. It’s more complicated then this in reality, but for a low level understanding, this is how it works in practice.

I agree, unraid.

Do not open up ports for WOL. That is extremely insecure. The way to do this is get another machine inside your network (could be a raspberry pi) to remote connect to either via something like team viewer or SSH, then use that to WOL your desktop. Opening a port to a services that is not meant to be exposed to the internet is going to be a very bad time… just asking to get hacked. Also, yea, you can’t WOL over WiFi.

So switch back to your old router (what was faster) and download it, then switch the routers out again...

It’s not too bad under game load. Iirc I would see it in the high 60’s low 70’s in games. When you are stress testing it to confirm stability tho, I’d see 95c which is hotter then I’d like.

Speaking from experience, trying to cool an OCed 9900k is not easy. I think I had mine running at 5.1 ghz? I honestly forget, but even on custom water it was very difficult to keep cool. I would suggest going with a different build as shown above as well. The 9900k just isn’t worth the price people charge for them unless you can find one for very cheap.

Not that this isn’t valid because it is much edited, but just didn’t want anyone to be under the assumption you need UniFi routers to control their AP’s and switches. You can control them just fine for free with their software which has versions for windows and Linux.

Because that’s how services work… services need to make it through firewalls somehow, and the way in which they do that is via opening a port. I’d trust a port on my network, which I control, going to a service I own, on a VM or within my firewall that I setup, over routing my traffic through unknown jump points or proxy servers. No one should ever open ports to unknown services, but opening a port to WireGuard….. probably going to be ok. Of all the ways to get pwned on the internet, that is not going to be it. You are already behind NAT… opnsense is doing NAT for your network. Do you mean CGNAT? How would they be blocked by public WiFi? You’re connecting to an IP address and a random port. I have never once had my WireGuard connection blocked. The only way they would be blocking it is if they just don’t allow you to connect to any IP that is part of an ISP’s block of IP’s (basically not allowing you to connect to any home IP address), or only allowing you to connect to whitelisted IP’s, which, if true, that’s a pretty unfortunate place to live. Is it possible to get something like starlink and just not deal with that? I don’t really understand this. If you have encrypted DNS, why does it matter if your on public WiFi? I am not sure if this is just obsessive fear mongering, being in a very suppressive country where you basically need to entirely hide, or just not fully understanding..? Maybe it would make more sense to just build a travel router and use that? At the end of the day, you have to trust something, and I’d trust WireGuard and a port I open on my own device I control over relying on proxy servers I do not control. To each their own I suppose.

Either I don’t know as much as I think I know about networking, or you are a bit too paranoid and a bit less sure of how technology works then you think you are. If you are running WireGuard on opnsense, once you connect to that from your machine, all traffic should be pipped through the vpn tunnel (unless you have it set up as a split tunnel). That includes DNS… Whenever I am off my local LAN, I have at a minimum a split tunnel running in WireGuard, and my DNS is redirected over the tunnel so I have ad blocking vis pfblockerNG within pfsense (my router at home). Then I can also hit all my home subnets, but with the split tunnel setup I don’t get all traffic routed over the VPN so I retain the physical internet speed of whenever I am. If wherever I am is not trusted, I switch to the full VPN and then all traffic is encrypted and sent over the WireGuard tunnel. If you own your own router and can open ports (sounds like you can….), you don’t need the “fancy” features of zero tier. Just use WireGuard, expose it to the WAN on whatever port you want, and that’s that.

If you plan to add more storage later, go unraid.

The mobo you picked has 6 SATA ports…. No need for an HBA. Plug your drives directly into the mobo. HBA would only be needed if you virtualize truenas, or require more drives then your mobo can support.

It would be fine with that CPU. That CPU is plenty fast for a NAS. Don't virtualize pfsense under your NAS tho, thats not a great idea. I think TrueNAS is a great option as well, especially if you have experience with it.

What is a WLAN module? How is this setup in software? I have never done this before. They are pretty much the same. I’d recommend finding a YouTuber you enjoy watching and can understand well, and then whichever they use. Plenty of YouTube folks who talk about pfsense, and plenty who do opnsense. Find one you like, watch a bunch of their videos, and then you could set it up. Problem is, running them on the laptop may be challenging as there may not be good WiFi driver support, but I would imagine opnsense would have better support since it’s more aimed at that sort of thing. Pfsense is more enterprise.