IsoKiero

Unfortunately, I don’t think the Pi supports RAID1.

I haven't ran any Pi with hard drives, but I don't see any reason why it wouldn't work with software raid on linux.

I can weigh in with my small experience with their hardware. Back in the day we used quite a lot of their hardware for VPN-clients, firewalls and things like that in small-ish offices on work and I've been running my router for 5(ish) years without any hiccups with 1 spf port and 8x1Gbps copper and a 1/1Gbps upstream (trough spf).

I still have a bunch of old hardware gathering dust in the bin from when we ran them at the office (around 2010-2014, give or take a few years) and all of them still work. Granted, an old 100Mbps router isn't that useful today, but I still occasionally use them on my homelab for testing/verification of my ideas.

My current home office goes around 30C in the summer but that hasn't been an issue at all. And their pricing is pretty decent. The unit I have isn't available anymore, but vendor claimed that it can push up to 7,5Gbps trough and the price was something around 120€.

That being said, I don't have that much experience with them (only a handful of models and none of them was pushed too hard), but personally I'd pick anything from mikrotik over zyxel/d-link/tp-link.

You could of course use some kind of socket or connetor for supercap, but as they last far less than I thought then I get why it doesn't make sense. This thinkstation I'm writing with in my garage I got for free at old office is from 2011 and it's still running original cmos battery. No idea if there's any juice left on it, but at least it doesn't complain anything at boot and once it refuses to boot it'll become e-waste immediately (I do metal working, fix cars etc at the garage, so internals of this thing are far from clean, I think this is 3rd or 4th hardware for 10 years in here with only the SSD moved from setup to another).

You can deflect rain while you're at it too.

The only real solution is to make this an extended maintenance task.

This is the correct answer. No matter how reliable your power feed is you still need to reboot the server at some point for whatever reason and if CMOS battery is dead by then you'll have the very same issue and you'll need monitor and keyboard again. And even if you don't mind about the RTC on board you'll still lose the settings.

I wonder why manufacturers haven't switched over to supercapacitors or something else than a coin cell battery, but perhaps there's a valid reason for it. I think that supercaps can't hold charge as long as a coin cell, but if your board is completely cold for a year or so maybe losing bios settings isn't that big of a deal.

I haven't paid too much attention on what lenovo is doing lately, but at some point they brought L-series thinkpad-branded laptops on the market which was pretty much garbage. At least in here local stores sold first models of L-series as a 'thinkpad grade laptops for consumer pricing' and they were just bad on all fronts, as the L-series was just a competition on a*-brands trying to get their share for sub-300€ (or whatever that was at the time) laptops from your equivalent of walmart riding on the brand which they didn't build.

Gladly that died out pretty soon and Think* brand is still somewhat strong with their T/W/X models as they used to be when IBM ran the business. Of course they had their own issues too, USB-C docks were garbage with everyone when they started to appear and people at the office still curse on thinkpads for various issues with firmware/hardware/whatever, but in my experience it's been the same road for all the big players. Dell had a pretty decent sales/support going on at 2010(ish), but their hardware had plenty of problems, HP had pretty good pricing for their hardware a bit later, but they had massive issues with firmware and so on.

I've been pretty happy with thinkpads I've got since R50 brand new (if I recall correctly) and for me they've been available on second hand market in here since that. But that's just a personal experience, I've never been in charge to buy hunderds of anything on IT department at work.

Depends on what you call 'old' and what your use case is. My T495 was less than 300€ and it does everything I need from a laptop easily. Bigger drive would be nice, but once the summer is over I rarely need to pull 4K video from sd-cards in temporary storage, so I doubt I'll bother to upgrade it any time soon.

Lenovo makes consumer crap with their own brand and they have Think -line of products from the big blue and the latter is pretty much comparable to all the other big players (dell, hp, fujitsu...) on desktop/laptop market. Each have their own annoyances and fuckups and in general if you ask opinion from 3 IT professionals on which brand to buy you'll get 4-6 answers.

Personally if I'm looking for a laptop I'll go to pre-leased and refurbished thinkpad. I currently have T465 and for wife I got pretty decent Tsomething from the office for peanuts.

Apparently you can kind-of rewrite queries on the fly with PowerDNS scripting and answer accordingly. So maybe that's what you're looking for.

That's not how DNS works. If you publicly query tfk.example.com it'll reply with a records associated to that entry and that's it. The client then attempts to connect to those IP addresses and no further DNS queries are made (assuming there's no CNAME records). If you want to use DNS for that then you'll need to add entries directly to tfk.example.com which point to your internal addresses.

So, you need to change tfk.example.com records whenever IP addresses change, most likely via some kind of API to automate things, assuming you don't directly control name servers for tfk.example.com by yourself.

But, as you're running a proxy anyways it doesn't reveal internal addresses and the client needs only public addresses to connect into. I haven't heard about traefik before, so I don't have a clue on how it works, but 'traditional' proxies effectively hide everything on the 'LAN' side. (Yes, I know, it's not necessarily/strictly speaking LAN).

You can pay for dyndns service which should be more reliable than free ones. I don't have any experience with those, so I can't give any recommendations. What I'm running is that I use few of the free ones which are updated either from my router or from a linux VM and I've just pointed few easy to remember CNAME records from my own domain to those dynamic addresses. It's not the best thing in the world, but my dynamic IP tends to be pretty static as it usually changes only when my own hardware is down for a longer period of time (few hours or so, so a longer power outage or a hardware maintenance gone wrong).

I assume you don't intend to copy the files but use them from a remote host? As security is a concern I suppose we're talking about traffic over the public network where (if I'm not mistaken) kerberos with NFS doesn't provide encryption, only authentication. You obviously can tunnel NFS with SSH or VPN and I'm pretty sure you can create a kerberos ticket which stores credentials locally for longer periods of time and/or read them from a file.

SSH/VPN obviously causes some overhead, but they also provide encryption over the public network. If this is something ran in a LAN I wouldn't worry too much about encrypting the traffic and in my own network I wouldn't worry about authentication either too much. Maybe separate the NFS server to it's own VLAN or firewall it heavily.