LIGISTX

Member
  • Posts

    8,328
Everything posted by LIGISTX

  1. For backing up iPhone, the sad but true reality is… just pay for iCloud. It’s the only solution that really works, besides backing it up to a PC/Mac and then backing up that machine. The only seamless way to back up an iPhone is via iCloud, which is one of the reasons Apple is getting sued right now by the US. As far as checksumming, yes. ZFS scrubs are what will check for and correct any bit flips, and it’s easy to set up in TrueNAS. I have mine run every 2 weeks, Wednesday night at like 1am. You should also schedule SMART checks, I think I do SMART checks once or twice a week.
  2. I suggest you take a step back and actually try to understand what the community is trying to explain to you in all of their posts. I understand you are young and just trying to learn, that is a really good thing! But you need to take a step back and internalize what folks are telling you... since they are all correct. Speedtest is not "lying", the numbers it is giving you are correct; speedtest.net is, without a doubt, able to give you 100mbps results. But the question is why, and that question has been answered by 3 or 4 people... There are really only 2 possible explanations, neither of which you will easily be able to determine, with a potential but unlikely 3rd option. Option 1: your ISP is seeing you are trying to hit a speedtest.net server, and they are artificially lifting the 50mbps limit on your connection to that server, and that server only. This is not difficult for them to do... but they will almost certainly never admit to doing it. They do this to try and make people believe they are getting more than they pay for, but in reality, they are only lifting limits to certain speed testing sites. Option 2: your ISP hosts a speedtest.net server on its own infrastructure. Your ISP may be able to route your traffic within its own network at 100 mbps even if you are paying for a slower speed, but once you exit the ISP's network that is where it puts the brakes on and slows things down. Potential option 3, but not very likely - the burst idea. In certain bursts, if the network isn't overloaded, they may provide a little more than you are paying for. I pay for 500/25, and I almost always get 600/25. They don't guarantee 600, but I typically do get 600-625 ish. 
I am sure if I try and download something when everyone else is trying to download something (I have cable, so it is impacted by how everyone else in your local area is hitting the network) it will likely struggle to keep me at 500, but it'll certainly try to (and usually does, I rarely see anything under 500). These are really your only options. And if you are paying for 48... you have no leg to stand on, and have almost 0 chance of making any other connection exceed 50mbps, it's being limited by your ISP... they own the pipes, and they get to put speed limits on them based on what tier of service you pay for.
  3. I run my homelab on a pair of 980 (non pro’s) and it has been fine. Looking up benchmarks helped me prove to myself this was a fine plan prior to purchase as I had the same questions.
  4. Without reading this thread, I’ll just say, SSD’s last an obscenely long time. I wouldn’t even worry about this at all. I have never had an SSD die from old age, and I still have some SSD’s from 2014…. I really wouldn’t worry about this too much. Windows enables TRIM by default on SSD’s, that plus internal wear leveling will keep the drive healthy for a very long time. Your PC will be obsolete before your SSD dies in any normal use case.
  5. Backblaze B2 user here - highly recommend. And it's built into TrueNAS so it works seamlessly.
  6. I know game servers typically like a lot of GHz, but it also really depends on the game. FWIW, I run an E5 2660 v4 and it idles at about 2% usage... I have VM's consisting of: pfsense, truenas, multiple ubuntu server, home assistant, windows, over a dozen docker containers, unifi controller, probably a few things I am missing, and even when doing some plex transcoding I never see it over 10%. I actually recently turned some of the cores off in a likely vain attempt to save a few watts of power and heat, but I just don't need all these threads... I only went Xeon on socket 2011 for the RAM and PCIe, that was the main reason I upgraded from my i3 6100 I previously had for my homelab. I can't speak to the game servers though, those may hit the server harder, but I still don't imagine you need all of that power for a home server.
  7. What are you intending to actually do on the machine..? What will the VM's be doing?
  8. If you need to transcode down from 4k to 1080p, the best option is a GPU. But... I bet a current gen i3 would be sufficient to transcode 4k to 1080p. I can do it on 6 threads of my Xeon which is way, way, WAY slower than a current gen intel chip (I only give my plex VM 6 cores of the 28 my server actually has, but those 28 are very slow compared to what modern chips can do).
  9. I mean.... sure. But I ran my homelab on an i3 6100 for years without any issues at all. Granted, my homelab doesn't "do all that much", but I have a truenas VM, multiple ubuntu VM's, a dozen docker containers, windows VM, some LXC's for stuff like unifi controller, home assistant etc. The only reason I upgraded was for more RAM as well. That i3 machine could only do up to 32 GB of ECC, and I just needed more, but the 4 threads (2 core + HT) was honestly never an issue... and I would imagine I do more than the vast majority of people building random unraid boxes (I run proxmox, but, same idea). There are plenty of folks who certainly need the pretty crazy homelab builds, but most probably don't and can get away with much less than they think they need.
  10. This. Don't do this. Build a low power unraid box, and then build a gaming PC. Are you streaming 4k content to 4k capable devices..? If so, it takes 0 CPU power, it's just moving data from a hard drive over a network connection to a client device, at a relatively low speed when considering a normal network is gigabit and has been the standard for about 20 years. A full bluray 4k HDR movie is about 80mbps, that is not even 1/10th the speed of gigabit which is 1000 mbps... and if the client device is playing the content in 4k, you don't need to transcode anything, so the plex server is not doing anything except simply serving data up over a network connection. Don't virtualize a gaming PC, it will just cause endless headaches. Build 2 machines.
  11. It is extreme overkill for a NAS... but as a desktop, yea that's a solid build. I would consider a cheaper mobo if the only reason you got that was for potential later expansion. You can get 10 gig PCIe NIC's for relatively cheap and can add them in later. If you don't want to deal with that, sure, this is a fine solution.
  12. You don't need an M.2, you just need a boot device. Any random SSD or hard drive you have laying around will work fine. Or technically so would a flash drive, but it's not really recommended. But if you don't have those, and you really are only using 1 drive anyways, maybe truenas isn't really for you - it's more intended for large arrays of disks.
  13. Sorry, read the post wrong, didn’t notice the SATA SSD would be for boot and what you are caching. I still doubt it’s worth it for the same reasons I identified. But you can give it a try I suppose.
  14. That's perfectly fine. I am just describing how you go about actually setting up a managed network and segregating things for the least chance of getting pwned. For a simple home NAS, what you plan to do is totally fine. No, that’s what I was trying to explain in my post. It isn’t the torrent client that you are worried about, it’s the devices that could become infected which could then start to ransomware you. The devices with the highest likelihood of this is honestly your windows PC, or IoT devices. You could end up downloading a torrent with an executable, and if a windows machine does end up running that, who knows what effect it will have. But that’s the same as if you go to a bad website, get a malicious ad, or just open a malicious pdf on an email. From that point on, what the malicious software does is anyone’s guess, but it would affect much more than just your torrented files. You need to understand what devices actually can get infected via running malicious code. The torrent downloaded is not running code, it is low risk. Same with truenas (truenas is also Linux, so any windows virus wouldn’t hurt it anyways) (docker containers are usually Linux based as well, so same goes for a dockerized torrent client). The largest threat surface is computers people are using, or IoT devices. Hopefully this makes sense… it’s a big topic that takes some actual energy to learn. Network and cyber security have a lot to them, takes a while to really grasp it all. But for a home setup, you don’t need to worry about this much.
  15. Why would you need to spend money on it? If it’s a running computer, it will run TrueNAS…
  16. As long as you know what you are doing, it's fine. If you do not know what you are doing (which you will either know you know what you are doing, or you will know you do not know what you are doing), do not ever open up a PSU. Do not pretend to know what you are doing either. If you know what you are doing, you know what you are doing, likely from electrical engineering courses in school, or being an electronics assembly technician etc. Good luck... I am not sure where that data would be, or if it's even published anyway. I may suggest checking out https://forum.level1techs.com/ as folks there will be much more in the weeds and may even have a switch opened up they can just read the resistor color codes or values off of for you. Folks here may as well, but there is "less noise and more signal" on level1techs for things this technical, if you catch my drift. Potentially also Lawrence Systems forums as well, lots of folks there run Ubiquiti gear as well.
  17. So... sort of. There is nothing wrong with SMB or NFS, especially since people are going to want to use their NAS to actually do what NAS's do, which is be network attached storage. The way to correctly lock things down is you NEED an edge router that does network segmentation, running pfsense within proxmox is not enough because that doesn't protect proxmox from your windows machines since they would all be on a flat network otherwise. In a normal home network, you have 1 router, say 192.168.1.1, it has a 192.168.1.x subnet. Your PC, AND proxmox, will both end up with 192.168.1.x IP's, which means there is no segmentation between your vulnerable windows PC, Macbook, IoT devices etc from your proxmox host. Now depending on how difficult you have made things, yes, you can virtually route all of your VM's through a virtual pfsense, and put them behind a firewall and behind NAT from your 192.168.1.x network... but this is sort of an "annoying" way to do things. I think that is what you are saying you did, but that isn't really "the right" way to do it. It isn't "wrong", but it makes it much more difficult to manage since you can't admin any of the VM's that live within proxmox from your main PC, which is on the 192.168.1.x subnet. What you need is a pfsense machine at the head of the network... right after your modem. From there, you do all segmentation with vlans and managed switches. In this situation, say your main network which pfsense lives on is 10.10.10.x (lets call this the top level management subnet), and this is the first router immediately after the modem. From there, you set up vlans, set up 1 vlan for your windows PC and other "trusted" machines on say 10.10.11.x. Then you set up a homelab subnet for things like jellyfin, torrent clients, etc, on 10.10.12.x, and an IoT subnet on 10.69.69.x. At the pfsense level, you do not allow 10.69.69.x to talk to anything except the WAN. 
This would mean all IoT devices can work normally, but they can not reach out and touch ANYTHING else on your network. Things on your network can reach out and control them, but nothing can initiate a connection from IoT subnet. If you have managed AP's, you assign this its own SSID, and boom, all IoT stuff is segmented off on its own WiFi SSID, in its own subnet, done. Then you set up a WiFi and switch port vlans for your trusted 10.10.11.x subnet which you plug your PC ethernet into, connect your laptop to that SSID, etc. Done. Then you plug proxmox into 10.10.10.x, along with all of your switches and AP's, they ALL get the management subnet (which is the trunk port) which now means proxmox lives on the 10.10.10.x management subnet and you can assign vlans within proxmox to each VM. So if you want, you can spin up a homeassistant VM on the 10.69.69.x vlans, and it will then be able to talk to your IoT devices, but nothing else. And you can pass a torrent client the 10.10.12.x vlan, and it can communicate across that subnet, and depending how you set up your firewalls rules, maybe can talk out of that subnet, maybe can't, up to you... Then you set up truenas as a VM within proxmox. You pass truenas 10.10.10.x, so truenas lives on the management port. You then create SMB shares on both the 10.10.11.x and 10.10.12.x with different permissions. This way, VM's within 10.10.12.x (like a VM hosting jellyfin, or a VM hosting a torrent client) can SMB to truenas, but only with those permissions, and only to the /mnt point you have your torrented media. In truenas on the SMB share shared over 10.10.11.x, you then would be able to use your NAS as a NAS where you can have all your personal files and data like pictures, home videos, documents, etc and be able to access them from devices on the 10.10.11.x subnet, but NOT from the 10.10.10.12 or 10.69.69.x networks since you only expose that SMB share over the 10.10.11.x network. 
Doing all of this 100% inside of proxmox means you are not really locking things down... you need to move things that have management ability up and away from anything that could infect or alter them. This does take some money though, as you would need a pfsense machine and managed switches and AP's. But I was able to do all of this for about 300 bucks. Use an old PC for pfsense, get a 2 port NIC (1 for WAN, 1 for LAN, DO NOT USE PFSENSE AS A SWITCH), get a few 5 port managed switches from Ubiquiti for ~30 bucks each, and a managed AP or two also from Ubiquiti for ~150 bucks, and that's it. This is a very good guide on how to set it all up, Lawrence systems has MANY great videos on these topics: Something to remember, the torrent client is not the piece of software to be worried about, IoT devices and not well admined Windows machines are the concern here. If you have a windows PC able to reach out and touch your proxmox WebUI, SSH, or truenas WebUI or SSH, if your windows machine got compromised, it could start ransomwaring your SMB share, AND THEN ALSO attack truenas webUI via stored credentials in your browser and turn off ZFS snapshots, delete previous ones, lock you out of the webUI altogether, etc etc. This is certainly a pretty extreme example, but THAT is what we are trying to protect against here which is why doing segmentation within proxmox is not enough. You need to protect proxmox itself (and all other things living on the management interface… firewalls, network routing equipment like switches and AP’s, TrueNAS webUI and SSH, and any other key infrastructure). Anyways, hope this made sense... trying to convey the entire premise of network security in a single post is not exactly simple. Another good video that may help explain things a little better:
  18. Does it spike to 100% and then quickly fall off…? I assume it does as it’s trying to build up a buffer. I would recommend actually clicking on the link I provided and reading what I wrote in the previous post. I include screenshots of what I am transcoding, bitrates of the files, etc. I didn’t include the VM’s CPU usage in the linked post, only the post in this thread where is how CPU usage across the 6 threads, but we can roughly assume 6 threads out of the 28 available on my machine would mean if that VM was running with all 6 threads pinned, it would show roughly 20% usage in Proxmox WebUI (plus a few % for overhead of Proxmox and the other VM’s), so you can gauge your math from there.
  19. So... only partially. Yes, with proxmox you could create some VM's, set up virtual routing and put torrent downloaders on their own subnet, but that isn't really the issue here. The issue here is downloading a file that is compromised and having a windows machine connected via SMB play that file and thus execute said malware, or have a windows PC on the main LAN (which wouldn't be firewalled off from the management surface of proxmox and thus all VM's under it in this example.....) become compromised and then laterally move to your proxmox box which can then pwn truenas. Yes, your solution does provide more security than nothing at all, but it doesn't really fix the fact all of the management surfaces are on the main LAN, with all sorts of devices we don't trust. To do this "properly", you need your edge router to have a proper firewall, and do all vlan setups there. That way you can have a management subnet that proxmox, truenas WebUI, the firewall itself (pfsense is what I use), and whatever else is at that management level live on. Then you would set up subnets "below" that for things such as windows machines, phones, laptops, etc as well as an SMB share from truenas so your windows machines can still access SMB but restrict their ability to interface with the management subnet, then "next to that" I would have VM's for download clients etc, with similar rules as the windows and normal devices subnet.... then a subnet with next to 0 ability to talk to anything outside of that subnet for all IoT devices and things we really, truly, do not trust.
  20. iGPU should make quick work of transcode, but regardless, 1080p transcode doesn’t take much at all even if you do it on CPU. Trying to transcode 4k isn’t super viable anyways, but it can certainly be done. I used to run my entire homelab on an i3 6100, and my Ubuntu VM which ran Plex only got 2 threads of the 4 total. It could transcode multiple 1080p to 720p movies at once… a 12600k would run circles around a 6100. I posted some info about this the other day, I would give this a look. This was done on my current homelab, and my Plex VM gets 6 threads…. And my e5-2600 threads are much, much slower than 12600k threads. The post I linked didn’t have CPU usage from within the Plex VM itself, so see below for a 4k to 720p transcode on 6 threads of my much slower CPU… it’s transcoding at over 1:1 speed, and has headroom to spare. This is not the most intense 4k video as the bitrate is pretty low for 4k content, this matches up to the detail I provided in the linked post regarding the 4k bitrate of this file. A 12600k for a NAS is wild overkill.
  21. The 12600k is EXTREME overkill for a NAS. You can easily get an i3 and it would be plenty.
  22. I would use truenas. ZFS is the best protection against all forms of malware/ransomware. But the problem isn’t the OS, or the file system, it’s the humans using it. ZFS provides the best possible way to recover in the form of ZFS snapshots. That doesn’t mean it’s foolproof, if you have poor network security, default passwords, open ports on your firewall to vulnerable software, you stand a chance of getting pwned regardless of what option you pick.
  23. Don’t cache an nvme ssd with Optane. You don’t gain anything for any type of typical workload. If you have a very specific use case or need where you think it would be helpful, then you probably already know why you would need it and what it would do for you. If you are asking if you need to do it, you don’t. The reason for this is a normal NVME drive already has very high bandwidth, and very low latency. Adding more steps to this (caching software which then needs to be queried, and upon a successful hit it would result in the Optane providing the data, and upon a miss the nvme would provide the data), is just adding latency to the loop and will almost certainly cause increased overall latency in almost all cases. If you REALLY want to use Optane simply because you have it laying around, use a ~64 GB Optane drive as your windows boot device, and then use an nvme drive for programs and such. This would at least fully separate all of the “busy work” of the OS and shove that onto Optane, and allow your nvme drives to have much less random writes and reads hitting them. But even this… you wouldn’t be able to tell any difference in day to day use. Nvme is already so fast and capable, you are worrying about things that just don’t matter.
  24. That drive uses IDE for data and molex for power. Molex should be easy, but if your mobo doesn’t have IDE (it almost definitely doesn’t), you are out of luck. Maybe someone makes a PCIe IDE adapter, I have never looked.
  25. That isn’t going to cause a targeted digital attack… Truenas and unraid are much more secure because they are not ever going to reach out to the internet… they don’t have web browsers, they are Linux based and not windows based, etc etc. But this is not really how NAS’s get compromised, they get compromised by other devices on your network. If you have a fully locked down NAS, but the windows PC that is accessing shares gets ransomwared, it’ll start encrypting network drives including your NAS SMB shares. This is one reason Truenas and ZFS are the superior choice… ZFS snapshots are the best mitigation against this since snapshots can’t be encrypted or deleted except via TrueNAS itself (as in no network connected client could delete or alter those snapshots). This then means you need good network security, and have network segmentation so your TrueNAS machine lives on a subnet not accessible by your potentially infected windows machines, iot devices, etc etc. This is where you get into more prosumer grade network gear, set up vlans, and really dive into learning networking which is overkill for most people. But it is “the correct answer”. TLDR; windows is by far the least safe, TrueNAS is the most safe mostly because ZFS is your best shot against ransomware due to ZFS snapshots.
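
The subnet layout from post 17 (and returned to in posts 19 and 25) can be written down as a policy and checked against a ruleset. The following is an added example, not part of the original posts and not pfSense's own configuration format: it models first-match, default-deny filtering of new connections and audits two constructed rulesets against the intended reachability. The /24 masks, host addresses and rule lists are assumptions made for illustration.

```python
import ipaddress as ip

# Zones from post 17. The /24 masks are an assumption (the post writes "10.10.10.x").
MGMT     = ip.ip_network("10.10.10.0/24")  # pfSense, Proxmox, switches, APs, TrueNAS web UI
TRUSTED  = ip.ip_network("10.10.11.0/24")  # Windows PC, laptops
HOMELAB  = ip.ip_network("10.10.12.0/24")  # Jellyfin, torrent client VMs
IOT      = ip.ip_network("10.69.69.0/24")  # untrusted devices
INTERNAL = ip.ip_network("10.0.0.0/8")     # supernet covering all four zones
ANY      = ip.ip_network("0.0.0.0/0")

def decide(rules, src, dst):
    """Verdict for a NEW connection: first matching rule wins, no match means block.
    Replies ride on firewall state, so only the initiating direction is checked."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "block"

# Constructed ruleset that has VLANs but leaves inter-VLAN traffic too open.
WEAK = [
    ("block", IOT, MGMT),
    ("pass",  IOT, ANY),       # "any" also covers the trusted and homelab VLANs
    ("pass",  TRUSTED, ANY),   # a compromised PC can reach the admin interfaces
    ("pass",  HOMELAB, ANY),
]

# Constructed ruleset following the posts: block internal targets before allowing the WAN.
SEGMENTED = [
    ("block", IOT, INTERNAL),
    ("pass",  IOT, ANY),
    ("block", TRUSTED, MGMT),
    ("pass",  TRUSTED, ANY),   # includes trusted -> IoT, so devices can still be controlled
    ("block", HOMELAB, MGMT),
    ("pass",  HOMELAB, ANY),
]

# Probes: (description, source, destination, intended verdict). Host addresses are
# constructed; 203.0.113.10 is a documentation address standing in for "the WAN".
PROBES = [
    ("IoT -> Proxmox host",        "10.69.69.50", "10.10.10.2",   "block"),
    ("IoT -> trusted PC",          "10.69.69.50", "10.10.11.20",  "block"),
    ("IoT -> WAN",                 "10.69.69.50", "203.0.113.10", "pass"),
    ("trusted PC -> Proxmox host", "10.10.11.20", "10.10.10.2",   "block"),
    ("trusted PC -> IoT device",   "10.10.11.20", "10.69.69.50",  "pass"),
    ("homelab VM -> pfSense",      "10.10.12.30", "10.10.10.1",   "block"),
]

def audit(rules):
    """Return the descriptions of probes whose verdict differs from the intended policy."""
    return [name for name, src, dst, want in PROBES if decide(rules, src, dst) != want]

if __name__ == "__main__":
    for label, rules in (("WEAK", WEAK), ("SEGMENTED", SEGMENTED)):
        print(label, "violations:", audit(rules) or "none")
```

SMB traffic to a TrueNAS interface that sits inside the client's own VLAN never crosses the router, so it is outside what this model checks; share permissions and snapshots cover that path.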