Posts posted by TiNas

  1. I am looking at reducing the power consumption of my system.

     

    System specs:
    ASRock H370M-ITX/ac Version

    Intel Pentium Gold G5400 CPU @ 3.70GHz

    Corsair DDR4 Valueselect 1x8GB 2666

    Corsair PSU TX550M 550W

    1 case fan that is set to 0rpm when system is idling

     

    Storage:

    Kingston SSD UV500 120GB (Cache)

    WD Blue 3,5" (CMR, 64MB cache, 5400rpm), 2TB WD20EZRZ (Parity)

    WD HDD 3.5" 1TB S-ATA3 64MB WD10EFRX Red (Data)

     

     

    I am using both the ethernet ports on the system (2 different VLANs)


    The system is running a VPN in Docker which is rarely used.

    Homeassistant (running as a VM) with Zigbee gateway and is used as my NAS backup drive.

     

     

    Things I have already done to reduce power consumption:

    - Spin down harddrives after 4 hours

    - Disable WIFI and Bluetooth controller

    - Disable audio controller

    - Made sure all the C states are enabled in the BIOS

    - Turn off case fan below 50c CPU temp

    - In unraid tweaks:

          - Disable Intel Turbo/AMD Performance Boost

          - At night turn Power Saving CPU Scaling Governor to 'power saving'

    - Tried enabling powertop used auto-tune and it broke my Zigbee connection and didn't notice a difference in wattage used

     

     

    My power consumption idles at around 28 - 31 watts.

    I would like to see if I can lower the usage more.

     

    Any ideas?

     

  2. On 11/2/2022 at 8:50 PM, SimonF said:

    Remove any entries from the XML, Connected(Outside) means that the USB device is attached outside of USB Manager.

    Make sure not selected in template.

     

    VM must be stopped and then started for USB Manager to map correctly.

     

    Status should say Connected(serial).

     

    Once it is connected you should be able to attach in HA

     

    Thank you so much!!! This did it for me after hours of debugging.

  3. 43 minutes ago, doron said:

     

    No it doesn't! My wording may have been confusing - sorry about that, I now see that my text in parenthesis can be read in two different ways...

    The encryption key does NOT live on the USB by default - the default is to type it in during array startup. IF one does choose to use a keyfile, AND that keyfile is stored on the USB drive - THEN the rest applies.

    Hope I'm more clear now...

     

     

    No it does not, see above.

     

    aaah ok thanks :D

    I have to put in my passphrase so I am safe in that regard! :D

     

    Then I think I will keep my secret like I described above on my encrypted drives, so they won't be acquired if anyone would acquire my physical USB drive.

     

    Thanks for the info and help!!! :D

  4. Ah if the encryption key from the drives is stored on the USB then this doesn't make a lot of sense to put the secrets on the encrypted data drives :)
    I didn't know that the encryption lived on the USB. But makes sense now that I think of it.
    Then I am wondering what is the point of encrypting the drives in the first place.. of course when they break down or you have to send them for RMA.

     

    I need to enter a password whenever I start the unraid array. Does this mean the encryption key is stored on the USB? Or is it useless without the password?

    Is there a way to store the encryption key safely outside of the USB?

     

    Maybe I am overly worried, but I just don't like having data unencrypted.

  5. 14 hours ago, doron said:

    It all depends on your threat model.

    What is the attack (or leak) scenario you are concerned with? Who is the potential attacker?

     

    For some scenarios, I can't see why your solution is better than just keeping the secrets on your USB flash (i.e. somewhere under /boot).

    For yet other scenarios, it might actually be better.

     

    Note btw that the way you currently do it, a "ps" command would reveal the secret - try, in your case:

    
    ps ax | grep docker

    This may or may not be a problem (basically if someone is at the CLI level she can peek into your "keys" share) so again, all depends on your threat model.

     

    Thanks for your reply Doron,

     

    I know that if they have access to the terminal/NAS they can get the secrets. Which is not my concern.

     

    The Threat I want to protect my secrets from, is when somebody physically would acquire the USB drive.
    It's also just a feeling, having my secrets on any un-encrypted drive doesn't feel 'safe'.

  6. The way I solved it right now is:

    Created a hidden/not exported share named 'keys'.

    really IMPORTANT to not export/share this share :)

     

    Where I saved my text files like 'telegram' containing the tokens.

     

    File content:

    TOKEN=TOKENHERE

     

    In my user scripts I use 'sed' to get the value from the file

     

    like so

    $(sed -n 's/^TOKEN=\(.*\)/\1/p' < /mnt/user/keys/telegram)

     

     

    Example user script command I use

     

    docker run -e "TELEGRAM_BOT_TOKEN=$(sed -n 's/^TOKEN=\(.*\)/\1/p' < /mnt/user/keys/telegram)" telegrambot

     

    This way my telegram/aws and other secrets are stored on encrypted drives and not on the unencrypted USB.
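
The `ps ax` remark quoted in the previous post applies to the command above: the value substituted into `-e "TELEGRAM_BOT_TOKEN=..."` becomes part of the `docker run` command line. As an added example (not part of TiNas's posts), the wrapper below keeps the same key file but passes the variable by name only. `read_secret`, `run_bot`, the `DOCKER_BIN` override and the file-mode check are assumptions of this example.

```shell
#!/bin/bash
# Added example, not from the thread. Assumes the KEY=value file format and
# the /mnt/user/keys/telegram path shown in the post. DOCKER_BIN is a
# hypothetical override so the wrapper can be exercised without Docker.

# Print the value of KEY from a KEY=value file. Fails if the file is missing,
# is accessible to group/others, or does not contain the key.
read_secret() {
    local file="$1" key="$2" mode line
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    mode=$(stat -c '%a' "$file") || return 1
    case "$mode" in
        *00) ;;   # owner-only, e.g. 600 or 400
        *) echo "refusing $file: mode $mode, chmod 600 it first" >&2; return 2 ;;
    esac
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "$key="*) printf '%s' "${line#"$key="}"; return 0 ;;
        esac
    done < "$file"
    echo "no $key in $file" >&2
    return 3
}

# Start the bot with the token passed by name only. "docker run -e NAME"
# (no "=value") copies NAME from the caller's environment, so the value is
# not part of the docker command line that "ps ax" displays.
run_bot() {
    local keyfile="${1:-/mnt/user/keys/telegram}" token
    token=$(read_secret "$keyfile" TOKEN) || return $?
    TELEGRAM_BOT_TOKEN="$token" "${DOCKER_BIN:-docker}" run \
        -e TELEGRAM_BOT_TOKEN telegrambot
}
```

The token is still part of the container's environment, so anyone who can run `docker inspect` on the host can read it, which is the same CLI-access caveat raised in the thread.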

  7. I have multiple commands that require secrets/passwords which will be triggered with a cron and user scripts.

    Example commands
    'AWS_ACCESS_KEY_ID=ABCD AWS_SECRET_ACCESS_KEY=EF1234 aws'

    'docker run -e "SOMESECRET=TOKEN" dockername'


    I noticed the scripts live under /tmp folder, and looks like they get carried over on reboot/shutdown. Which sounds to me like the user scripts are stored on the USB.
    So I don't feel comfortable with having my secrets (AWS keys, Telegram tokens, passwords) directly in the user scripts.

    Was thinking of storing them on a separate encrypted hidden share in a .env or .secret file and just read them with grep/cat.

    Where would be a good place to store them?

  8. 2 minutes ago, itimpi said:

    Those are all basically different views of the same data!

     

    /mnt/cache and /mnt/disk1 refer to the physical drives and thus show files that are on that specific drive.

     

    /mnt/user is the User Share view that can span multiple drives including all array disks and the cache.

    /mnt/user0 is a User Share view that spans all array drives but omits any files that are on the cache.

    Thanks! :)

  9. I have created a small docker container that will backup data to S3.
    I want to only backup some of my shares. But I am not 100% sure which folder I should backup.

    Noticed that there are multiple 'copies' of shares.

     

    Under '/mnt' I noticed there are multiple folders with the same files/folders (I think it's a symlink)

    • /mnt/cache
    • /mnt/disk1
    • /mnt/user
    • /mnt/user0

    In which directory is the original data located?

    What directory can I use best to do my backups offsite?
