Token's lvl1 blog- edit -- Token's rantings

Token · June 18, 2022, 7:43pm

marelooke’s mess! I’m the mess not you lolz

I had gotten a really nice noctua NH-U12S for it (for when I was intending to make a NAS with this via a Fractal Node 304), but it won’t fit in this current mini ITX case. Actually every low profile I looked at wouldn’t work. So I took the OEM fan off of my daily driver desktop (i7-4790), put on the noctua, and put the OEM on this hypervisors i7-4790K.

I don’t see OEM being a problem, hypervisor isn’t going to be pegged and it ran fine on my daily driver here that I’ve done some light gaming on.

100 this, which is why I’m shocked Proxmox only saw one of the two nics, and is glitchy AF. It will boot, run for a little while then drop the SSH session and the webUI port 8006 session, but on the screen I have plugged into it still be running and responsive to commands.

So then I did a vanilla Debian install and its only gripe was the wifi card non-free firmware, but after then following the guide to add the proxmox repos and install proxmox on top of it, same issues.

In a rock and a hard spot here. If I was better at linux I think proxmox would be the way, there would be a way to get the NICs working right, Nvidia GPU ‘seen’ and able to passthrough and then even the wifi card for a VM. But I’m not above intro level at nix. I’m floored how well xcp-ng has taken with the hardware- in that it doesn’t sh*t the bed when being interacted with, but yeah it doesn’t see the nvidia or wifi card.

Token · June 18, 2022, 8:13pm

So for some reason I had put 0.0.0.0 in my DNS settings?

Snort refused to run, looking at some logs so that I could do better than “snort no work, why?” in the googles, this was my issue:

Interestingly this didn’t affect suricata.

Token · June 23, 2022, 12:05am

I hit the power switch on a surge protector by accident…

Token · July 6, 2022, 7:31pm

What are people’s pros vs cons of having Home Assistant on docker vs VM on Synology?

I went with VM as I’ve found docker difficult to learn, my ports space getting crowded and not wanting to mess with MAC VLAN.

With VM, yeah its more resources, but I get the full fat HA build, IMO easier to update (I still haven’t figured out how to update docker containers), snapshot/backup, migrate etc.

I’ve found HA to be messy- its nice to be able to snapshot before updates, restore, or just blow away, build new and import configs but I’m curious how others run it here.

Oh also, it seemed much easier (drop down menu) to pass-through the Z-wave USB stick via the Synology VM GUI than all the hoops and tricks one does for docker.

Token · July 7, 2022, 11:36pm

Woot!

So have Home Assistant installed as a VM, has it’s own IP address, can interface the second NIC later.

Started migrating Z-wave devices over from the malfunctioning Piper. Thats always a chore but getting there. I have two automations setup now for lighting as well.

Next is to find some good tutorials on ‘home alarm’ automations and dashboard, then I need to setup SSL, domain, port forwarding etc so I can start to get push notifications.

Tempted to start a free tailscale and just be VPN’ed in all the time but I don’t think push notifications work that way.

marelooke · July 8, 2022, 3:44pm

I run HassOS in a VM as well, for pretty much the same reasons. Considered switching to Docker given how they were hammering Cloudflare DNS, but they mostly sorted that mess out so not touching what ain’t broken

Token · July 8, 2022, 5:05pm

Well that makes me feel much more reassured as to my reasoning. (VM vs Docker).

For the “well actually…” types, I know there are Docker gurus that can spin it up, get the USB device (zwave, zigbee dongles etc) pass through, MAC VLAN for separate IP, IP tables to segment the traffic if more than one NIC available, self host git for configurations (I listen to the HA podcast and they said its json now but I still see yaml, I donno), and use whatever docker and git magic is out there to do things similar to snap shots…

and going homelab is to force myself to get better with this things…

but for prod I stuck with what I know how to use to do the above- which IMO is much easier as a VM (with GUI controls).

#break

Wow. So I’ve been living with a really healthy dose of delay as the Piper as the zwave controller.

open app, wait a few seconds for auth, cloud sync etc
click on device to turn on/off
wait a few more seconds, device does the thing.

Now with local control the aeon smart energy switch G2 toggles before my finger finishes the click of the mouse/tap of screen, just amazing.

The aeon smart dimmer switch is laggy though, which is interesting. I also to not have dimmer controls, just on/off- but then in automations I do have dimmer controls…

With one of the aeon door switches I had to import it twice for it to show up correctly.

HA has come a long long looooong way but its still super frustrating to do just about anything. IMO its still not normie approved, you still have to be a LVL1’er type to make use of it.

Token · July 8, 2022, 6:14pm

I got some of these:

Connecting them to HA has been the easiest of the zwave devices. So excited how I can now use this data to automate things and push notifications if I’m out- self hosted as I’ve read the Nest stuff is somewhat of a hot mess.

As I’m installing this comes out:

Dig this dude’s thoroughness.

Token · July 8, 2022, 7:04pm

Sweet:

Begone with you 3rd party hubs required to update sensors.

Token · July 8, 2022, 8:23pm

It’s not a home assistant update if it doesn’t break something.

My Synology integrations stopped working haha.

Oh home assistant, some things just don’t change…

SgtAwesomesauce · July 8, 2022, 8:27pm

I’ve not got enough justification to use homeassistant properly quite yet.

Hoping I’ll give it a go once I’m all settled in with the move.

Token · July 8, 2022, 8:50pm

At your skill level I think you will really enjoy it.

I’m already having to debate restoring from backup as this update seems to break the synology integration- a simple restart of the service, checking if the creds got dropped etc is not fixing it.

Home Assistant is far from a turn-key product with #justworks attributes. But I think you will wrangle it no problem and make it do cool things.

Token · July 8, 2022, 8:58pm

Pretty neat I don’t even need to SSH in and navigate for logs, use grep. Just installed the log viewer add-on and already getting good data:

I’m suspecting the synology integration is built on Python X and the HA update is requiring python Y.

Token rant time: Its not that I know what I’m looking at here, I totally don’t, but when I’ve debugged multiple issues on other software/apps… man… its usually python rearing its ugly head.

I never got on the python band wagon and have grown to hate its update frequency and process, its a constant churn of breaking apps and integrations that are not maintained by full time devs.

Token · July 8, 2022, 9:10pm

This was the fix: delete and re-add the integration.

github.com/home-assistant/core

Synology DSM Integration fails after every HA reboot

opened 05:05PM - 01 Feb 22 UTC

closed 03:43AM - 09 Mar 22 UTC

RichJeanes

waiting-for-reply integration: synology_dsm

### The problem Every time Home Assistant is rebooted, the Synology DSM integ…ration reports `Failed to set up`. Then I must delete and re-add the integration. ### What version of Home Assistant Core has the issue? core-2021.12.10 ### What was the last working version of Home Assistant Core? _No response_ ### What type of installation are you running? Home Assistant OS ### Integration causing the issue Synology DSM ### Link to integration documentation on our website https://www.home-assistant.io/integrations/synology_dsm ### Example YAML snippet _No response_ ### Anything in the logs that might be useful for us? ```txt Logger: homeassistant.config_entries Source: components/synology_dsm/__init__.py:335 First occurred: 9:45:19 AM (1 occurrences) Last logged: 9:45:19 AM Error setting up entry nas01.jeanes.us for synology_dsm Traceback (most recent call last): File "/usr/src/homeassistant/homeassistant/config_entries.py", line 313, in async_setup result = await component.async_setup_entry(hass, self) # type: ignore File "/usr/src/homeassistant/homeassistant/components/synology_dsm/__init__.py", line 116, in async_setup_entry await api.async_setup() File "/usr/src/homeassistant/homeassistant/components/synology_dsm/__init__.py", line 335, in async_setup await self._hass.async_add_executor_job(self.dsm.login) File "/usr/local/lib/python3.9/concurrent/futures/thread.py", line 52, in run result = self.fn(*self.args, **self.kwargs) File "/usr/local/lib/python3.9/site-packages/synology_dsm/synology_dsm.py", line 161, in login result = self.get(API_AUTH, "login", params) File "/usr/local/lib/python3.9/site-packages/synology_dsm/synology_dsm.py", line 214, in get return self._request("GET", api, method, params, **kwargs) File "/usr/local/lib/python3.9/site-packages/synology_dsm/synology_dsm.py", line 232, in _request self.discover_apis() File "/usr/local/lib/python3.9/site-packages/synology_dsm/synology_dsm.py", line 132, in discover_apis self._apis = self.get(API_INFO, "query")["data"] TypeError: byte indices must be integers or slices, not str ``` ### Additional information DSM Version: 7.0-41890

Pretty lame, seems like something good development could avoid. But then again its just amazing how many people contribute to the project and make this stuff pretty turn key.

Token · July 8, 2022, 9:12pm

I wasn’t too hot on integrating synology into HA but there are two things I like with it so far:

survail station integration, I get camera previews with ease
temp and update status- you know what I’m using the BTUs from the NAS for and why I like to keep tabs on the temps.

Token · July 10, 2022, 3:12am

Alrighty, so this is an inner battle:

A big reason (for me) of home labbing and buying overkill gear was for learning and self hosting, to be self sufficient and cut out as many other parties as possible.

A better me would have gone/pushed even further, know how to and actually review code of the open source stuff I use, actually check the check sums of software, use data logging to try and hunt down supply chain attacks, network attacks etc.

But I’m lusting towards Tailscale.

Its 3rd party and IMO harder to monitor for shinanigans, but its SUPER appealing to do a tailscale router build/VM on my LAN, install client on phone and laptop and be set.

I have things like Home Assistant and other services that would require that I do the dance I’ve grown to hate doing. Something like (maybe not the right order but spit ballin) router >> port forward >> LAN IP of thing >> setup info with domain provider >> some kind of LetsEncrypt SSL setup >> fail >> bang head on wall >> try HAproxy >> failing continues >> kill liver some >> blitz lots of things, it works and I’m not sure what of the blitz I did made it work >> walk on egg shells to not brake anything etc… And then have the paranoia of yet another port opened on the firewall.

In alternate I have an OpenVPN setup but I don’t like having it on all the time on the phone and tunneling absolutely everything through it.

Enter tailscale, I like the idea of apps on my phone such as NAS SMB access, WAN blocked Reolink, Home Assistant etc #justworking as if I’m on my LAN (access + notifications) but while I’m out, but then other traffic is routing normally as if the phone is not on a VPN.

My issue is its a 3rd party, and its free for just a few boxes… and well nothing is “free”, the whole ‘if its free then you are the product’ thing.

But dang, its tempting.

Anyone self hosting something like tailscale or zerotier where their cloud service is not needed, but you are pulling a kind-of inception of hosting it yourself as heck, I have a domain, pfsense, boxes for VMs, it would be just one more port to open up but then serve lots of clients in a hybrid VPN type of way…

Token · July 10, 2022, 3:52am

@oO.o I just noticed I couldn’t access my unifi webUI that is a docker on my synology- I have the containers network setting as “host”.

I had to make a synology firewall entry to allow for the webUI ports- makes sense.

But then it highlighted… how the heck am I accessing all of these other docker container ports that do not have firewall entries? Those containers are set to bridge.

Is this normal? Seems like a flaw to me. I guess this is like port forwarding when set to bridge? As I’ve found port forwarded traffic on my pfsense does not get checked by the LAN interface IDS.

marelooke · July 10, 2022, 8:13pm

github.com/docker/docker.github.io

Default bridge configuration allows outside world connectivity

opened 05:48PM - 02 Jul 19 UTC

Perdjesk

area/Networking

File: [network/bridge.md](https://docs.docker.com/network/bridge/) The follow…ing section: https://docs.docker.com/network/bridge/#enable-forwarding-from-docker-containers-to-the-outside-world states > By default, traffic from containers connected to the default bridge network is not forwarded to the outside world. which is not correct using docker-ce 18.09.07. docker/libnetwork reference: https://github.com/docker/libnetwork/blob/5b9fe1e1628d6077d1ba7a8c9a4310d09c8702ed/drivers/bridge/setup_ip_tables.go#L176 Using default parameters the following iptable is created which allows outgoing packets: ``` -A FORWARD -i docker0 ! -o docker0 -j ACCEPT ``` Moreover the steps documented to enable IP forwarding on the host are not mandatory when using default docker daemon parameters since `--ip-forward` defaults to true, which enable host/kernel IP forwarding when not enabled. docker/libnetwork reference: https://github.com/docker/libnetwork/blob/04a014d03dc9430da22b12307188d2acfa775337/drivers/bridge/setup_ip_forwarding.go#L31 > The default bridge network is considered a legacy detail of Docker and is not recommended for production use. Configuring it is a manual operation Not sure what is the meaning of "legacy detail", but the default bridge network is setup automatically and does not require any manual operation.

More detailed discussion here.

It’s why I separated my firewall from everything else, Docker pulling shit like that (it will add these to the end of your iptables rules, overriding any DENY or other rules that came before it too).

Token · July 11, 2022, 1:48am

I have also read of how you have to use iptables to segment the use of nics otherwise it’s a party. Yeah I’m not ready for docker haha, feels like it’s easy to use VMs and just take the efficiency hit.

oO.o · July 11, 2022, 2:54pm

I’ve never run containers on a Synology but it sounds like they’re trying to make it easy but then it doesn’t work out each time. Idk. I’ve also never used standalone Docker for anything serious.

On a basic level, you definitely need some NAT/firewall stuff to get a private host container network out onto the LAN. Sounds like that is automated to varying degrees for different applications.