Skip to content

Unraid Setup#

Docker Config#

  • create custom network
Bash
docker network create omninet
  • change docker installation to docker directory instead of btrfs vDisk docker.img to avoid SSD wear

  • some apps (e.g. Dropbox) constantly write to log file

  • this triggers the expected write amplification from BRTFS copy-on-write
  • details

Advanced Disk Settings#

[!note] SATA drives

Bash
hdparm -W  /dev/sdb # Query 
hdparm -W1 /dev/sdb # Enable
hdparm -W0 /dev/sdb # Disable

[!note] SAS drives

Bash
sdparm -g WCE    /dev/sdd # Query 
sdparm --set=WCE /dev/sdd # Enable
sdparm -c WCE    /dev/sdd # Disable

VM Config#

Host Config Tweaks#

  • disable Copy-on-write on share storing VM vdisk image files (default is domains)

  • configure CPU Isolation for Unraid Host and CPU Pinning for VM

  • Unraid only needs one or two physical core for peak performance

  • enable performance cpu governor bc the boost trigger from within a vm doesn't consistently work

[!note] Enable performance cpu governor

Bash
#!/bin/bash
cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
for file in /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor; do echo "performance" > $file; done
cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor

[!note] Restore on-demand cpu governor

Bash
#!/bin/bash
cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
for file in /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor; do echo "ondemand" > $file; done
cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
  • ensure clock source=tsc
Bash
cat /sys/devices/system/clocksource/clocksource0/current_clocksource
  • install Win11 without networking
Batchfile
Shift-F10
OOBE\BYPASSNRO 

Windows VM Guest Tweaks#

SMB#

  • SMB hardening
    Text Only
    #disable SMB1 for security reasons
    [global]
      server min protocol     = SMB3_02
      client ipc min protocol = SMB3_02
      restrict anonymous      = 2
      # client signing        = mandatory
      # server signing        = mandatory
      # client ipc signing    = mandatory
      # client NTLMv2 auth    = yes
      # smb encrypt           = required
      # null passwords        = no
      # raw NTLMv2 auth       = no