LIGISTX (Member, 8,343 posts)
Everything posted by LIGISTX

  1. It is extreme overkill for a NAS... but as a desktop, yeah, that's a solid build. I would consider a cheaper mobo if the only reason you got that was for potential later expansion. You can get 10 gig PCIe NICs relatively cheap and can add them in later. If you don't want to deal with that, sure, this is a fine solution.
  2. You don't need an M.2, you just need a boot device. Any random SSD or hard drive you have lying around will work fine. Or technically so would a flash drive, but it's not really recommended. But if you don't have those, and you really are only using one drive anyway, maybe TrueNAS isn't really for you; it's more intended for large arrays of disks.
  3. Sorry, read the post wrong, didn’t notice the SATA SSD would be for boot and what you are caching. I still doubt it’s worth it for the same reasons I identified. But you can give it a try I suppose.
  4. That's perfectly fine. I am just describing how you go about actually setting up a managed network and segregating things for the least chance of getting pwned. For a simple home NAS, what you plan to do is totally fine. No, that's what I was trying to explain in my post. It isn't the torrent client that you are worried about, it's the devices that could become infected, which could then start to ransomware you. The devices with the highest likelihood of this are honestly your Windows PC or IoT devices. You could end up downloading a torrent with an executable, and if a Windows machine does end up running that, who knows what effect it will have. But that's the same as if you go to a bad website, get a malicious ad, or just open a malicious PDF from an email. From that point on, what the malicious software does is anyone's guess, but it would affect much more than just your torrented files. You need to understand what devices actually can get infected via running malicious code. The torrent downloaded is not running code; it is low risk. Same with TrueNAS (TrueNAS is also Linux, so any Windows virus wouldn't hurt it anyway) (Docker containers are usually Linux based as well, so the same goes for a dockerized torrent client). The largest threat surface is computers people are using, or IoT devices. Hopefully this makes sense... it's a big topic that takes some actual energy to learn. Network and cyber security have a lot to them; it takes a while to really grasp it all. But for a home setup, you don't need to worry about this much.
  5. Why would you need to spend money on it? If it’s a running computer, it will run TrueNAS…
  6. As long as you know what you are doing, it's fine. If you do not know what you are doing (and you will either know you know what you are doing, or you will know you do not know what you are doing), do not ever open up a PSU. Do not pretend to know what you are doing either. If you know what you are doing, you know what you are doing, likely from electrical engineering courses in school, or from being an electronics assembly technician, etc. Good luck... I am not sure where that data would be, or if it's even published anyway. I may suggest checking out https://forum.level1techs.com/ as folks there will be much more in the weeds and may even have a switch opened up so they can just read the resistor color codes or values off of it for you. Folks here may as well, but there is "less noise and more signal" on Level1Techs for things this technical, if you catch my drift. Potentially also the Lawrence Systems forums, as lots of folks there run Ubiquiti gear as well.
  7. So... sort of. There is nothing wrong with SMB or NFS, especially since people are going to want to use their NAS to actually do what NASes do, which is be network attached storage. The way to correctly lock things down is you NEED an edge router that does network segmentation; running pfSense within Proxmox is not enough because that doesn't protect Proxmox from your Windows machines, since they would all be on a flat network otherwise. In a normal home network, you have one router, say 192.168.1.1, and it has a 192.168.1.x subnet. Your PC AND Proxmox will both end up with 192.168.1.x IPs, which means there is no segmentation between your vulnerable Windows PC, MacBook, IoT devices, etc. and your Proxmox host. Now, depending on how difficult you have made things, yes, you can virtually route all of your VMs through a virtual pfSense, and put them behind a firewall and behind NAT from your 192.168.1.x network... but this is sort of an "annoying" way to do things. I think that is what you are saying you did, but that isn't really "the right" way to do it. It isn't "wrong", but it makes it much more difficult to manage since you can't admin any of the VMs that live within Proxmox from your main PC, which is on the 192.168.1.x subnet. What you need is a pfSense machine at the head of the network... right after your modem. From there, you do all segmentation with VLANs and managed switches. In this situation, say your main network which pfSense lives on is 10.10.10.x (let's call this the top level management subnet), and this is the first router immediately after the modem. From there, you set up VLANs: set up one VLAN for your Windows PC and other "trusted" machines on say 10.10.11.x. Then you set up a homelab subnet for things like Jellyfin, torrent clients, etc. on 10.10.12.x, and an IoT subnet on 10.69.69.x. At the pfSense level, you do not allow 10.69.69.x to talk to anything except the WAN.
This would mean all IoT devices can work normally, but they can not reach out and touch ANYTHING else on your network. Things on your network can reach out and control them, but nothing can initiate a connection from the IoT subnet. If you have managed APs, you assign this its own SSID, and boom, all IoT stuff is segmented off on its own WiFi SSID, in its own subnet, done. Then you set up a WiFi SSID and switch port VLANs for your trusted 10.10.11.x subnet, which you plug your PC ethernet into, connect your laptop to that SSID, etc. Done. Then you plug Proxmox into 10.10.10.x, along with all of your switches and APs; they ALL get the management subnet (which is the trunk port), which now means Proxmox lives on the 10.10.10.x management subnet and you can assign VLANs within Proxmox to each VM. So if you want, you can spin up a Home Assistant VM on the 10.69.69.x VLAN, and it will then be able to talk to your IoT devices, but nothing else. And you can pass a torrent client the 10.10.12.x VLAN, and it can communicate across that subnet, and depending how you set up your firewall rules, maybe can talk out of that subnet, maybe can't, up to you... Then you set up TrueNAS as a VM within Proxmox. You pass TrueNAS 10.10.10.x, so TrueNAS lives on the management port. You then create SMB shares on both 10.10.11.x and 10.10.12.x with different permissions. This way, VMs within 10.10.12.x (like a VM hosting Jellyfin, or a VM hosting a torrent client) can SMB to TrueNAS, but only with those permissions, and only to the /mnt point where you have your torrented media. In TrueNAS, on the SMB share shared over 10.10.11.x, you then would be able to use your NAS as a NAS where you can have all your personal files and data like pictures, home videos, documents, etc. and be able to access them from devices on the 10.10.11.x subnet, but NOT from the 10.10.12.x or 10.69.69.x networks, since you only expose that SMB share over the 10.10.11.x network.
Doing all of this 100% inside of Proxmox means you are not really locking things down... you need to move things that have management ability up and away from anything that could infect or alter them. This does take some money though, as you would need a pfSense machine and managed switches and APs. But I was able to do all of this for about 300 bucks. Use an old PC for pfSense, get a 2 port NIC (1 for WAN, 1 for LAN, DO NOT USE PFSENSE AS A SWITCH), get a few 5 port managed switches from Ubiquiti for ~30 bucks each, and a managed AP or two, also from Ubiquiti, for ~150 bucks, and that's it. This is a very good guide on how to set it all up; Lawrence Systems has MANY great videos on these topics:
Something to remember: the torrent client is not the piece of software to be worried about, IoT devices and not well administered Windows machines are the concern here. If you have a Windows PC able to reach out and touch your Proxmox WebUI, SSH, or TrueNAS WebUI or SSH, and your Windows machine got compromised, it could start ransomwaring your SMB share, AND THEN ALSO attack the TrueNAS WebUI via stored credentials in your browser and turn off ZFS snapshots, delete previous ones, lock you out of the WebUI altogether, etc. etc. This is certainly a pretty extreme example, but THAT is what we are trying to protect against here, which is why doing segmentation within Proxmox is not enough. You need to protect Proxmox itself (and all other things living on the management interface... firewalls, network routing equipment like switches and APs, TrueNAS WebUI and SSH, and any other key infrastructure). Anyways, hope this made sense... trying to convey the entire premise of network security in a single post is not exactly simple. Another good video that may help explain things a little better:
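As an added example (not from post 7 above, and not from pfSense or TrueNAS): the VLAN plan described in that post written out as an ordered, first-match firewall policy that can be checked offline before committing rules to a real pfSense box. It uses the four subnets from the post; the TrueNAS and Jellyfin addresses, the Jellyfin port (8096) and the test flows are assumptions of this example. pfSense is stateful, so only the initiating direction is modelled: a permitted connection's replies flow back without their own rule, which is exactly why the trusted VLAN can reach into IoT while IoT cannot initiate anything inward.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

IPNet = ipaddress.IPv4Network

def net(s: str) -> IPNet:
    return ipaddress.ip_network(s)

# VLAN plan as laid out in the post.
MGMT    = net("10.10.10.0/24")   # pfSense, Proxmox, switches, APs, TrueNAS UI/SSH
TRUSTED = net("10.10.11.0/24")   # Windows PC, laptops, phones
HOMELAB = net("10.10.12.0/24")   # Jellyfin / torrent client VMs
IOT     = net("10.69.69.0/24")   # devices you do not trust
ANY     = net("0.0.0.0/0")
RFC1918 = [net("10.0.0.0/8"), net("172.16.0.0/12"), net("192.168.0.0/16")]

# Assumed host addresses for this example (not stated in the post).
TRUENAS  = net("10.10.10.20/32")
JELLYFIN = net("10.10.12.10/32")

@dataclass
class Rule:
    action: str                          # "pass" or "block"
    src: IPNet                           # VLAN the connection originates from
    dst: List[IPNet]                     # destination networks; [ANY] for anything
    dports: Optional[List[int]] = None   # None = any port
    note: str = ""

    def matches(self, s, d, p) -> bool:
        return (s in self.src and any(d in n for n in self.dst)
                and (self.dports is None or p in self.dports))

# Ordered like pfSense interface rules: first match wins, implicit default deny.
# Only new connections are evaluated; replies ride on the state of a passed connection.
RULES: List[Rule] = [
    # IoT VLAN: internet only, nothing internal.
    Rule("block", IOT, RFC1918, note="IoT may not initiate to any internal subnet"),
    Rule("pass",  IOT, [ANY],   note="IoT to WAN"),
    # Trusted VLAN: personal SMB share, control IoT, watch Jellyfin, internet; no management plane.
    Rule("pass",  TRUSTED, [TRUENAS],  [445], "personal SMB share"),
    Rule("pass",  TRUSTED, [IOT],             note="control IoT devices"),
    Rule("pass",  TRUSTED, [JELLYFIN], [8096], "Jellyfin web UI (assumed port)"),
    Rule("block", TRUSTED, RFC1918,           note="no Proxmox/TrueNAS/pfSense UI or SSH"),
    Rule("pass",  TRUSTED, [ANY],             note="trusted to WAN"),
    # Homelab VLAN: media SMB share on TrueNAS and the internet, nothing else.
    Rule("pass",  HOMELAB, [TRUENAS], [445],  "media SMB share"),
    Rule("block", HOMELAB, RFC1918,           note="homelab may not reach other subnets"),
    Rule("pass",  HOMELAB, [ANY],             note="homelab to WAN"),
    # Management VLAN: unrestricted.
    Rule("pass",  MGMT, [ANY],                note="management"),
]
DEFAULT = Rule("block", ANY, [ANY], note="implicit default deny")

def evaluate(src: str, dst: str, dport: int) -> Rule:
    """Return the first rule matching a new connection src -> dst:dport."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return next((r for r in RULES if r.matches(s, d, dport)), DEFAULT)

def allowed(src: str, dst: str, dport: int) -> bool:
    return evaluate(src, dst, dport).action == "pass"

if __name__ == "__main__":
    flows = [  # constructed test flows
        ("10.69.69.50", "10.10.10.20", 443),   # IoT -> TrueNAS UI
        ("10.69.69.50", "1.1.1.1", 443),       # IoT -> internet
        ("10.10.11.5",  "10.69.69.50", 80),    # PC -> IoT device
        ("10.10.11.5",  "10.10.10.20", 445),   # PC -> personal share
        ("10.10.11.5",  "10.10.10.20", 443),   # PC -> TrueNAS web UI
        ("10.10.11.5",  "10.10.10.2", 8006),   # PC -> Proxmox web UI
        ("10.10.12.10", "10.10.10.20", 445),   # torrent VM -> media share
        ("10.10.12.10", "10.10.11.5", 445),    # torrent VM -> PC
    ]
    for s, d, p in flows:
        r = evaluate(s, d, p)
        print(f"{s:>13} -> {d}:{p:<5} {r.action:5} ({r.note})")
```

Running it prints the matched rule for each constructed flow. The two flows worth staring at are the Windows PC to the TrueNAS web UI (port 443) and to the Proxmox web UI (port 8006): both must land on the block rule even though the same PC is allowed to reach port 445 on the same TrueNAS address, which is what keeps a stolen browser session from reaching the snapshot settings.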
  8. Does it spike to 100% and then quickly fall off...? I assume it does as it's trying to build up a buffer. I would recommend actually clicking on the link I provided and reading what I wrote in the previous post. I include screenshots of what I am transcoding, bitrates of the files, etc. I didn't include the VM's CPU usage in the linked post, only in the post in this thread, which shows CPU usage across the 6 threads, but we can roughly assume 6 threads out of the 28 available on my machine would mean, if that VM was running with all 6 threads pinned, it would show roughly 20% usage in the Proxmox WebUI (plus a few % for overhead of Proxmox and the other VMs), so you can gauge your math from there.
  9. So... only partially. Yes, with Proxmox you could create some VMs, set up virtual routing and put torrent downloaders on their own subnet, but that isn't really the issue here. The issue here is downloading a file that is compromised and having a Windows machine connected via SMB play that file and thus execute said malware, or having a Windows PC on the main LAN (which wouldn't be firewalled off from the management surface of Proxmox, and thus all VMs under it, in this example.....) become compromised and then laterally move to your Proxmox box, which can then pwn TrueNAS. Yes, your solution does provide more security than nothing at all, but it doesn't really fix the fact that all of the management surfaces are on the main LAN, with all sorts of devices we don't trust. To do this "properly", you need your edge router to have a proper firewall, and do all VLAN setups there. That way you can have a management subnet that Proxmox, the TrueNAS WebUI, the firewall itself (pfSense is what I use), and whatever else is at that management level live on. Then you would set up subnets "below" that for things such as Windows machines, phones, laptops, etc. as well as an SMB share from TrueNAS so your Windows machines can still access SMB but are restricted in their ability to interface with the management subnet; then "next to that" I would have VMs for download clients etc., with similar rules as the Windows and normal devices subnet.... then a subnet with next to 0 ability to talk to anything outside of that subnet for all IoT devices and things we really, truly do not trust.
  10. An iGPU should make quick work of transcoding, but regardless, a 1080p transcode doesn't take much at all even if you do it on CPU. Trying to transcode 4K isn't super viable anyway, but it can certainly be done. I used to run my entire homelab on an i3 6100, and my Ubuntu VM which ran Plex only got 2 threads of the 4 total. It could transcode multiple 1080p to 720p movies at once... a 12600K would run circles around a 6100. I posted some info about this the other day; I would give this a look. This was done on my current homelab, and my Plex VM gets 6 threads... and my E5-2600 threads are much, much slower than 12600K threads. The post I linked didn't have CPU usage from within the Plex VM itself, so see below for a 4K to 720p transcode on 6 threads of my much slower CPU... it's transcoding at over 1:1 speed, and has headroom to spare. This is not the most intense 4K video as the bitrate is pretty low for 4K content; this matches up to the detail I provided in the linked post regarding the 4K bitrate of this file. A 12600K for a NAS is wild overkill.
  11. The 12600K is EXTREME overkill for a NAS. You can easily get an i3 and it would be plenty.
  12. I would use truenas. ZFS is the best protection against all forms of malware/ransomware. But the problem isn’t the OS, or the file system, it’s the humans using it. ZFS provides the best possible way to recover in the form of ZFS snapshots. That doesn’t mean it’s foolproof, if you have poor network security, default passwords, open ports on your firewall to vulnerable software, you stand a chance of getting pwned regardless of what option you pick.
  13. Don't cache an NVMe SSD with Optane. You don't gain anything for any type of typical workload. If you have a very specific use case or need where you think it would be helpful, then you probably already know why you would need it and what it would do for you. If you are asking if you need to do it, you don't. The reason for this is a normal NVMe drive already has very high bandwidth and very low latency. Adding more steps to this (caching software which then needs to be queried, and upon a successful hit it would result in the Optane providing the data, and upon a miss the NVMe would provide the data) is just adding latency to the loop and will almost certainly cause increased overall latency in almost all cases. If you REALLY want to use Optane simply because you have it lying around, use a ~64 GB Optane drive as your Windows boot device, and then use an NVMe drive for programs and such. This would at least fully separate all of the "busy work" of the OS and shove that onto Optane, and allow your NVMe drives to have far fewer random writes and reads hitting them. But even this... you wouldn't be able to tell any difference in day to day use. NVMe is already so fast and capable, you are worrying about things that just don't matter.
  14. That drive uses IDE for data and molex for power. Molex should be easy, but if your mobo doesn’t have IDE (it almost definitely doesn’t), you are out of luck. Maybe someone makes a PCIe IDE adapter, I have never looked.
  15. That isn't going to cause a targeted digital attack... TrueNAS and Unraid are much more secure because they are not ever going to reach out to the internet... they don't have web browsers, they are Linux based and not Windows based, etc. etc. But this is not really how NASes get compromised; they get compromised by other devices on your network. If you have a fully locked down NAS, but the Windows PC that is accessing shares gets ransomwared, it'll start encrypting network drives including your NAS SMB shares. This is one reason TrueNAS and ZFS are the superior choice... ZFS snapshots are the best mitigation against this since snapshots can't be encrypted or deleted except via TrueNAS itself (as in, no network connected client could delete or alter those snapshots). This then means you need good network security, and network segmentation so your TrueNAS machine lives on a subnet not accessible by your potentially infected Windows machines, IoT devices, etc. etc. This is where you get into more prosumer grade network gear, set up VLANs, and really dive into learning networking, which is overkill for most people. But it is "the correct answer". TL;DR: Windows is by far the least safe; TrueNAS is the most safe, mostly because ZFS is your best shot against ransomware due to ZFS snapshots.
  16. Even more important is that, as far as I know, the Shield TV Pro has the best support for codecs. It will play more codecs than anything else... at least as of ~2022 when I got mine. I am not aware of anything that has beaten it since. Can't wait for another version to come out.
  17. It really depends how much you use the internet, and what you value. I value fast download times and I use the internet A LOT, downloading large files... and uploading large files. I do a lot of photography, so uploading files takes a while on a slow connection. Personally I would do the gigabit connection, especially at that cost. I pay 100 a month for 500/25...... I very much wish I had a symmetric fiber option. 500 is more download than I need, but I need as much upload as I can get, so I get the fastest plan possible. That said, nothing wrong with lots of download. 250 imo is a good number; 100 would be painfully slow when trying to download a new game with buddies.
  18. The best device to use as a Plex playback client, unless things have changed, is the Nvidia Shield TV Pro. You will want to install Plex on a laptop or your gaming PC, use that as the server, and the Nvidia Shield TV plugged into your receiver as the client.
  19. For home automation, use Home Assistant. Really nothing else even comes close. For NVR, look into Blue Iris. I have not used it personally, but I know it's quite popular. You may also be able to use Home Assistant (I do use Home Assistant to share NVR streams from a dedicated NVR to Apple HomeKit, but I don't personally use Home Assistant as the NVR itself).
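An added example (not the poster's own tooling, and not part of TrueNAS or ZFS) for the recovery case posts 12 and 15 describe: a ransomwared Windows client has encrypted the SMB share, the snapshots are intact, and you want to confirm what happened and roll back before the last good snapshot rotates out. It parses the output of `zfs diff <dataset>@<snapshot>` (the snapshot compared against the live dataset) and flags a ransomware-like change set. The dataset and snapshot names, the extension list, the ransom-note pattern and the sample diff lines are all constructed for this example.

```python
import re
import sys
from collections import Counter
from typing import Dict, Iterable, Iterator, Tuple

# Default `zfs diff` line: change type, a tab, then the path.
# Types: + added, - removed, M modified, R renamed ("old -> new").
LINE = re.compile(r"^([+\-MR])\t(.*)$")

# Extensions ransomware families commonly append (assumption; extend locally).
SUSPICIOUS_EXT = {".locked", ".encrypted", ".crypt", ".enc", ".lock"}
# Ransom note file names (assumption).
NOTE_NAME = re.compile(r"(readme|decrypt|recover|how.?to).*\.(txt|html?)$", re.I)

def parse_diff(lines: Iterable[str]) -> Iterator[Tuple[str, str, str]]:
    """Yield (change_type, old_path, new_path) for each zfs diff line."""
    for raw in lines:
        m = LINE.match(raw.rstrip("\n"))
        if not m:
            continue            # skip anything that is not a diff record
        kind, path = m.groups()
        if kind == "R":
            old, _, new = path.partition(" -> ")
            yield kind, old, new
        else:
            yield kind, path, path

def triage(lines: Iterable[str], min_changes: int = 50) -> Dict[str, object]:
    """Summarise a diff and decide whether it looks like mass encryption."""
    counts: Counter = Counter()
    suspicious, notes = 0, []
    for kind, _old, new in parse_diff(lines):
        counts[kind] += 1
        if kind == "-":
            continue            # deletions carry no new name to inspect
        name = new.rsplit("/", 1)[-1]
        ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
        if ext in SUSPICIOUS_EXT:
            suspicious += 1
        if NOTE_NAME.search(name):
            notes.append(new)
    touched = counts["+"] + counts["M"] + counts["R"]
    ratio = suspicious / touched if touched else 0.0
    # Either a large change set dominated by suspicious extensions, or a ransom note.
    verdict = "ransomware-like" if (touched >= min_changes and ratio >= 0.5) or notes else "normal"
    return {"counts": dict(counts), "touched": touched, "suspicious": suspicious,
            "ratio": round(ratio, 2), "notes": notes, "verdict": verdict}

# Constructed samples standing in for real `zfs diff tank/personal@auto-2024-06-01_0000` output.
SAMPLE_RANSOMWARE = [
    f"R\t/mnt/tank/personal/photos/img_{i:03d}.jpg -> /mnt/tank/personal/photos/img_{i:03d}.jpg.locked"
    for i in range(60)
] + ["+\t/mnt/tank/personal/photos/README_DECRYPT.txt"]
SAMPLE_NORMAL = [
    "M\t/mnt/tank/personal/docs/budget.xlsx",
    "+\t/mnt/tank/personal/photos/img_061.jpg",
    "-\t/mnt/tank/personal/docs/old_notes.txt",
]

if __name__ == "__main__":
    # Pipe real output in (`zfs diff tank/personal@<snap> | python3 triage.py`); otherwise use the sample.
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_RANSOMWARE
    print(triage(source))
```

Once the verdict is "ransomware-like", the recovery is the point the posts make: the client that did the damage never had a path to the snapshots, so `zfs rollback` to the last good snapshot (with `-r` if newer snapshots exist) or copying files back out of the dataset's `.zfs/snapshot/<name>/` directory restores the share, and the triage runs again against the next snapshot to confirm the clean state.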
  20. I wouldn’t, no. I would run a proper NAS OS, not windows. Windows can work fine, but I wouldn’t recommend it. Even if you did, you wouldn’t need an i5.
  21. That is a totally different thread... But no, I don't believe you can use standard Backblaze with a NAS unless that NAS was running on Windows. Backblaze will not back up network locations... Both have pluses and minuses. The big plus of ZFS, and thus TrueNAS, is it will try much harder to keep data safe... but it is not as flexible in terms of storage expansion later on.
  22. Home Backblaze is only supported on Windows and Mac, and it will not back up anything that is reported as a network drive. So you can't back up what's on a NAS via a Windows machine or a Windows VM. The only way to back up TrueNAS or Unraid to Backblaze would be via using Backblaze B2, but you theoretically could spin up a VM and give that VM an equal size hard drive, run some script to keep data from the NAS updated on that VM's storage, and then back that up.... But that is just a kludgy solution. Yes, you can add drives to Unraid. I would do some more research into both of them before picking one, or before buying hardware. Understanding the benefits and limitations of each is important.
  23. No, not at all, I would take any amount of ECC over no ECC every day of the week. That won't work... Backblaze does not allow you to back up network locations via their home tier; you would need to use B2, which is more expensive, but still worthwhile. I have been using B2 for 8+ years at this point. Maybe just get 32GB... I wouldn't do it this way.... get more storage up front; you can't add more drives to a vdev later down the road, you would need to create a fully new vdev which needs its own redundancy. That's the major downside of ZFS. They are working on implementing a way to add drives to a RAIDZ vdev, but that is not out of beta, and I wouldn't make purchasing decisions based on potential future software... Buy enough storage now to last you a long time, especially since hard drives don't cost all that much. I would go with four 4 TB drives at a minimum, or just get all 6 right now and do a Z2 array of 4 TBs. I built my 10x4 TB array in 2015 and initially only used about 20% of the array; it's now ~60% full and I am happy I made the choice I did way back when. An i3 would be totally fine. That is still an 8 thread CPU with pretty performant threads... I ran more than that on an i3 6100 which was way, way slower. I would 100% save some money on the CPU, spend more on more RAM, and get more, larger hard drives. Nothing wrong with going the i5 route, but it is certainly overkill, and if the budget is tight, RAM and hard drives are a better place to spend the money. When virtualizing things, you don't need to worry toooo much about overprovisioning CPU resources. Think of guest OSes like programs running on your PC... you have way, WAY more running on your PC at once than a few cores can support, but CPUs are very good at swapping out what they are working on, and operating systems (thus your hypervisor in this case) are good at allocating time to each VM to do what it needs. You don't need as many cores as you have VMs at all.
I run a 28 thread chip mostly because it was extremely cheap to buy used server gear, and it was the best bang for buck option for the generation of server mobo I decided to get, and I only really went that route to have A LOT of PCIe lanes and RAM. Below is my current Proxmox usage, and Proxmox runs pfSense as my main router/firewall (don't do this, don't virtualize your main firewall..... I do it, but I never recommend anyone else do it...) and it's still seeing almost no CPU usage. For fun, to prove a point, I started watching a full 1080p Bluray rip compressed down to 720p + watching the WAN Show on YouTube, and CPU went up to 9%, and that is with Plex transcoding at 1.6x speed (to get ahead of where I am so it can build up a buffer, which is what Plex automatically does). And this is full 1080p from Bluray; the source file is large with a 34471 kbps bitrate.... The below is 4K content (only 9736 kbps source, but 4K is way more difficult to transcode) and that is how hard it's hitting my system down to 720p. And remember, this is all doing it on CPU, not GPU, since Xeons do not have iGPUs and I don't have a GPU in this system. With an iGPU, it would barely hit your CPU at all... And my Xeon is from the era of DDR4 back in 2015. My CPU does not have nearly the per core power of a 13th gen, and my clock speed is damn near half. Yes, I have a lot of cores and threads, but the CPU is much slower and less efficient. Also, all of these CPU %'s are while running VMs of:
  • TrueNAS
  • pfSense
  • 4x Ubuntu Server:
    • one runs Plex
    • Docker host, a dozen Docker containers
    • second Docker host for even greater separation of less trusted containers, 3 containers
    • yet another Docker host, 3 containers
    • one runs a Nextcloud server
  • Ubuntu LXC container for the UniFi controller
  • Home Assistant
  • Proxmox Backup Server
  24. Good choice, Scale is the right way to go. The 13400 will still be incredible overkill... I ran my homelab on an i3 6100 (that's a dual core with HT) and I was running ESXi as my hypervisor; VMs I had running under it were:
  • TrueNAS
  • 3x Ubuntu Server (one of the VMs was a Plex server)
  • Windows LTSC running Veeam backup
  • Home Assistant
  • a handful of Docker containers
and the i3 was a non issue. I did eventually upgrade to the system in my signature, but that was more because I was starting to run out of RAM (the i3 system only had 28 GB...). Nothing wrong with the 13400, but it will be massive overkill. Good rationale. This is entirely pointless for a TrueNAS boot drive. TrueNAS never hits the boot drive; it writes literally 0 bytes unless you make config changes. Nothing wrong with Optane either, they are cheap and reliable, but just wanted to make sure you understood what is needed for a TrueNAS boot drive (basically nothing; also, you can save config backups very, very easily, so even if the boot drive dies it's easy to recover). WD Reds are fine. How many drives are you planning on running? That is a much more important question. What redundancy level? Good choice. Total wattage for a NAS is next to negligible, but quality is extremely important. Spend money on a good PSU; it's worth it, especially for a NAS. Both from an efficiency standpoint, but also for not losing drives due to failures. 16 will be fine unless you want to start running VMs and stuff. But for ZFS alone, 16 GB will be plenty sufficient.
  25. RAID 5 or 6 is not the right terminology for "vdevs". vdevs are part of the ZFS architecture, which is a software RAID solution (it's a fantastic solution, I have been running ZFS via TrueNAS for almost a decade). I would advise you do A LOT more research before you buy or implement anything. I would look in the TrueNAS forums for beginner guides and explanations of what's what so you can get a better idea of pitfalls that are common, issues people run into, and gain a better understanding of what all is going on. These things are very important to understand up front because if you make config setups in the beginning, once you have the data populated, it's really difficult to change things later since you will need to offload your data and start over... This forum definitely can help a lot, but to get the most out of said help, you need to do a good bit of research and homework on your own so we can all be speaking the same language, per se :). Things to understand first are:
  • How much storage space do you think you need?
  • How long will it take to fill this up, and how do you plan to increase capacity?
  • How much money do you want to spend?
  • What hardware do you already have?
  • What is ZFS?
  • What are vdevs?
  • Look into Unraid so you know what your two main options are.